Search criteria
2 vulnerabilities found for ruby-mqtt by Nicholas J Humfrey
CVE-2025-12790 (GCVE-0-2025-12790)
Vulnerability from nvd – Published: 2025-11-06 21:07 – Updated: 2025-12-22 20:30
VLAI?
Title
Rubygem-mqtt: rubygem-mqtt hostname validation
Summary
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.
Severity ?
7.4 (High)
CWE
- CWE-29 - Path Traversal: '..filename'
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Nicholas J Humfrey | ruby-mqtt |
Affected:
0 , < 0.7.0
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T04:55:19.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/njh/ruby-mqtt",
"defaultStatus": "unaffected",
"packageName": "ruby-mqtt",
"product": "ruby-mqtt",
"vendor": "Nicholas J Humfrey",
"versions": [
{
"lessThan": "0.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"packageName": "rubygem-mqtt",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"packageName": "satellite:el8/rubygem-mqtt",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"datePublic": "2025-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-29",
"description": "Path Traversal: \u0027..filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T20:30:07.076Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-12790"
},
{
"name": "RHBZ#2413004",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413004"
},
{
"url": "https://github.com/njh/ruby-mqtt/blob/main/NEWS.md#ruby-mqtt-version-070-2025-10-29"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-06T03:28:03.941000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-11-06T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Rubygem-mqtt: rubygem-mqtt hostname validation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-29: Path Traversal: \u0027..filename\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-12790",
"datePublished": "2025-11-06T21:07:34.970Z",
"dateReserved": "2025-11-06T03:33:00.733Z",
"dateUpdated": "2025-12-22T20:30:07.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12790 (GCVE-0-2025-12790)
Vulnerability from cvelistv5 – Published: 2025-11-06 21:07 – Updated: 2025-12-22 20:30
VLAI?
Title
Rubygem-mqtt: rubygem-mqtt hostname validation
Summary
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.
Severity ?
7.4 (High)
CWE
- CWE-29 - Path Traversal: '..filename'
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Nicholas J Humfrey | ruby-mqtt |
Affected:
0 , < 0.7.0
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T04:55:19.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/njh/ruby-mqtt",
"defaultStatus": "unaffected",
"packageName": "ruby-mqtt",
"product": "ruby-mqtt",
"vendor": "Nicholas J Humfrey",
"versions": [
{
"lessThan": "0.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"packageName": "rubygem-mqtt",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"packageName": "satellite:el8/rubygem-mqtt",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"datePublic": "2025-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-29",
"description": "Path Traversal: \u0027..filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T20:30:07.076Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-12790"
},
{
"name": "RHBZ#2413004",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413004"
},
{
"url": "https://github.com/njh/ruby-mqtt/blob/main/NEWS.md#ruby-mqtt-version-070-2025-10-29"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-06T03:28:03.941000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-11-06T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Rubygem-mqtt: rubygem-mqtt hostname validation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-29: Path Traversal: \u0027..filename\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-12790",
"datePublished": "2025-11-06T21:07:34.970Z",
"dateReserved": "2025-11-06T03:33:00.733Z",
"dateUpdated": "2025-12-22T20:30:07.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}