Thales Unsecured MQTT Communication Vulnerability Allowing Topic Manipulation

Vulnerability

A vulnerability exists in Thales products that use the MQTT communications protocol: an attacker with network access and valid credentials can exploit unencrypted MQTT messages to write to server topics that manage MQTT communications. The flaw arises because the MQTT traffic is not encrypted, which leaves the communication open to interception and manipulation.

Impact

Exploiting this vulnerability allows unauthorized writes to server topics over the MQTT protocol, potentially leading to further manipulation or disruption of the MQTT communication flow.
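
A defender-side check for the condition described above, as an added example that is not part of the advisory or any Thales code: it walks a cleartext MQTT 3.1.1 byte stream (for instance, reassembled from a capture of the broker's unencrypted listener) and reports PUBLISH packets aimed at protected topics. The topic prefixes, helper names and sample bytes are constructed assumptions; the advisory does not name the affected topics.

```python
# Added example: flag PUBLISH packets to protected topics in a cleartext MQTT 3.1.1 stream.
# Assumed prefixes: the advisory does not name the affected server topics.
PROTECTED_PREFIXES = ("$SYS/", "server/")

def read_remaining_length(buf, pos):
    """Decode the 1-4 byte variable-length 'remaining length' field."""
    value = 0
    for i in range(4):
        if pos + i >= len(buf):
            raise ValueError("truncated remaining-length field")
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("remaining-length field longer than 4 bytes")

def iter_packets(stream):
    """Yield (packet_type, flags, body) for each control packet in the stream."""
    pos = 0
    while pos < len(stream):
        header = stream[pos]
        length, start = read_remaining_length(stream, pos + 1)
        if start + length > len(stream):
            raise ValueError("truncated packet body")
        yield header >> 4, header & 0x0F, stream[start:start + length]
        pos = start + length

def flag_protected_publishes(stream, prefixes=PROTECTED_PREFIXES):
    """Return topic, QoS and payload of every PUBLISH that targets a protected prefix."""
    findings = []
    for ptype, flags, body in iter_packets(stream):
        if ptype != 3 or len(body) < 2:  # 3 = PUBLISH
            continue
        tlen = int.from_bytes(body[:2], "big")
        topic = body[2:2 + tlen].decode("utf-8", "replace")
        qos = (flags >> 1) & 0x03
        payload = body[2 + tlen + (2 if qos else 0):]  # QoS > 0 adds a 2-byte packet id
        if topic.startswith(tuple(prefixes)):
            findings.append({"topic": topic, "qos": qos, "payload": payload})
    return findings

def build_publish(topic, payload, qos=0):
    """Build a small PUBLISH packet (body < 128 bytes) for the constructed sample."""
    t = topic.encode()
    body = len(t).to_bytes(2, "big") + t + (b"\x00\x01" if qos else b"") + payload
    return bytes([0x30 | (qos << 1), len(body)]) + body

# Constructed sample: telemetry PUBLISH, PINGREQ, then a PUBLISH to a protected topic.
SAMPLE = (build_publish("sensors/temp", b"21.5") + b"\xc0\x00"
          + build_publish("server/config", b"mode=1", qos=1))
```

That the parser can read topics and payloads at all is itself the finding about missing transport encryption; on a TLS listener the same capture would be opaque.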

Added: Jan 7, 2026, 5:29 PM
Updated: Jan 7, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.