CVE-2025-12790— Rubygem-mqtt: rubygem-mqtt hostname validation

CVSS 7.4 · High EPSS 0.04% · P13 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-12790

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Rubygem-mqtt: rubygem-mqtt hostname validation

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

路径遍历：’..filename’

Source: NVD (National Vulnerability Database)

Vulnerability Title

MQTT 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

MQTT（Message Queuing Telemetry Transport,消息队列遥测传输）是一个ISO 标准（ISO/IEC PRF 20922）下基于发布 (Publish)/订阅 (Subscribe)范式的消息协议，它工作在TCP/IP协议族上，是为硬件性能低下的远程设备以及网络状况不好的情况下而设计的发布/订阅型消息协议。 MQTT存在安全漏洞，该漏洞源于默认情况下缺少主机名验证，可能导致中间人攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Nicholas J Humfrey	ruby-mqtt	0 ~ 0.7.0	-
Red Hat	Red Hat Satellite 6	-	`cpe:/a:redhat:satellite:6`
Red Hat	Red Hat Satellite 6	-	`cpe:/a:redhat:satellite:6`

II. Public POCs for CVE-2025-12790

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-12790

请登录查看更多情报信息。

CVE-2025-12790 - Red Hat Customer Portalvdb-entryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2025-12790

IV. Related Vulnerabilities

Same weakness: CWE-29

V. Comments for CVE-2025-12790

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-12790— Rubygem-mqtt: rubygem-mqtt hostname validation

I. Basic Information for CVE-2025-12790

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-12790

III. Intelligence Information for CVE-2025-12790

IV. Related Vulnerabilities

V. Comments for CVE-2025-12790

Leave a comment