Home > Vulnerability Database > CVE-2025-56353

Mend.io Vulnerability Database

CVE-2025-56353

Good to know:

Date: January 19, 2026

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter payloads. Each request causes memory to be allocated for the malformed topic filter, but the broker does not free the associated memory, leading to unbounded heap growth and potential denial of service under sustained attack.

Severity Score

7.5

Related Resources (3)

Url: https://github.com/JustDoIt0910/tinyMQTT/issues/19

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-56353

Url: https://www.mend.io/vulnerability-database/CVE-2025-56353

Severity Score

7.5

Weakness Type (CWE)

Missing Release of Memory after Effective Lifetime

CWE-401

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-56353

Good to know:

Date: January 19, 2026

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?