CVE-2025-56352
Possible ATT&CK Techniques 2AI
T1499 · Endpoint Denial of Service T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-56352
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection. Since the surrounding connection teardown logic is not guaranteed to execute, each such invalid CONNECT attempt leaves the underlying socket open. Repeated attempts cause server-side resource exhaustion due to accumulating file descriptors and memory usage, potentially resulting in denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2025-56352
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-56352
请登录查看更多情报信息。
Same Patch Batch · n/a · 2026-05-18 · 13 CVEs total
| CVE-2026-8836 | 9.8 CRITICAL | lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow |
| CVE-2026-36438 | 5.3 MEDIUM | Intelbras VIP-1230-D-G4 V2.800.00 信息泄露漏洞 |
| CVE-2026-26462 | Offline Hospital Management System 5.3.0远程代码执行漏洞 | |
| CVE-2026-39079 | PrestaShop UPS Shipping信息泄露漏洞 | |
| CVE-2025-57282 | ngrok 4.3.3/5.0.0-beta.2 命令注入漏洞 | |
| CVE-2023-24215 | NOVUS AirGate 4G v1.1.16越权获取管理员凭证漏洞 | |
| CVE-2026-41085 | Thermo Fisher Scientific Torrent Suite Dx权限提升漏洞 | |
| CVE-2026-38719 | OpENer越界读取漏洞 | |
| CVE-2026-29964 | HSC MailInspector v5.3.3-7 XSS漏洞 | |
| CVE-2026-29962 | HSC MailInspector v5.3.3-7本地文件包含漏洞 | |
| CVE-2026-29965 | HSC MailInspector 5.3.3-7 XSS漏洞 | |
| CVE-2026-29963 | HSC MailInspector 5.3.3-7路径遍历漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2025-56352
No comments yet