CVE-2025-0681

Medium

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive…

icscert·CWE-155·Published 2025-01-30

CVSS

6.2

EPSS

0.00

KEV

Exploits

cve.orgen

189 chars

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.

NVDen

189 chars

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.

El servicio Cloud MQTT de los productos afectados admite la suscripción a temas comodín, lo que podría permitir que un atacante obtenga información confidencial al interceptar las comunicaciones del servicio.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.2	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0	Primary	cve.org	6.9	—	—	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4.0	Secondary	NVD	6.9	—	—	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X