Rubygem MQTT Man-in-the-Middle Vulnerability Due to Missing Hostname Validation

Vulnerability

A vulnerability exists in Rubygem MQTT versions prior to 0.7.0: the client does not validate the server's hostname, which could lead to a Man-in-the-Middle (MITM) attack. The flaw allows an attacker positioned on the network path to intercept and potentially alter communications between the client and server.

Impact

The lack of hostname validation could allow for Man-in-the-Middle attacks, where an attacker intercepts and possibly modifies the communication between two parties.

Remediation

Users can upgrade to Rubygem MQTT version 0.7.0 or later, which includes the necessary hostname validation to prevent this vulnerability. Instructions for updating the gem can be found in the RubyGems documentation.
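As an added illustration (not code from the mqtt gem or from this advisory), the following Ruby snippet shows what hostname validation actually checks during a TLS handshake and how to audit a client-side SSLContext for the missing check. The certificate, host names and helper names are constructed for the example.

```ruby
require "openssl"

# Constructed test data: a self-signed leaf certificate for one DNS name, standing in
# for the certificate a broker presents during the TLS handshake.
def self_signed_cert_for(dns_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{dns_name}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{dns_name}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Does the presented certificate name the host the client intended to reach?
# This is exactly the check a client skips when hostname validation is missing:
# a valid certificate for a different name would otherwise be accepted.
def cert_matches_host?(cert, expected_host)
  OpenSSL::SSL.verify_certificate_identity(cert, expected_host)
end

# Audit a client-side SSLContext (hypothetical helper): report settings that would
# let an impersonating server pass. Returns an empty array when the context is sound.
def tls_context_weaknesses(ctx)
  issues = []
  issues << :peer_verification_disabled unless ctx.verify_mode == OpenSSL::SSL::VERIFY_PEER
  issues << :hostname_verification_disabled unless ctx.verify_hostname
  issues
end

# A context configured the way a client should be: verify the chain AND the hostname.
def hardened_ssl_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode     = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true
  ctx
end

if __FILE__ == $PROGRAM_NAME
  cert = self_signed_cert_for("broker.example.test")
  p cert_matches_host?(cert, "broker.example.test")  # true
  p cert_matches_host?(cert, "other.example.test")   # false
  p tls_context_weaknesses(OpenSSL::SSL::SSLContext.new)
  p tls_context_weaknesses(hardened_ssl_context)     # []
end
```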

Added: Nov 6, 2025, 9:55 PM
Updated: Nov 6, 2025, 9:55 PM

Vulnerability Rating

Custom Algorithm

spread:          0.0
impact:          0.6
exploitability:  6.0
remediation:     0.0
relevance:       0.9
threat:          0.0
urgency:         2.9
incentive:       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.