CVE-2025-12790

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.

Published Nov 7, 2025

https://github.com/advisories/GHSA-9c5q-w6gr-fxcq

CVSS ScoreHigh

7.4

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-12790

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.

Published Nov 7, 2025

https://github.com/advisories/GHSA-9c5q-w6gr-fxcq

CVSS ScoreHigh

7.4


gem	mqtt	0.2.0
gem	mqtt	0.3.0
gem	mqtt	0.3.1
gem	mqtt	0.4.0
gem	mqtt	0.5.0
gem	mqtt	0.6.0

Ecosystem	Package	Version


gem	mqtt	0.2.0
gem	mqtt	0.3.0
gem	mqtt	0.3.1
gem	mqtt	0.4.0
gem	mqtt	0.5.0
gem	mqtt	0.6.0

Find vulnerabilities. Fix fast with AI.

CVE-2025-12790

CVE-2025-12790