CVE-2024-42655: 
NixOS vulnerability analysis and mitigation

An access control issue has been identified in NanoMQ v0.21.10 that allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters (NVD). The vulnerability was discovered and disclosed in July 2025, affecting the NanoMQ messaging broker, which is designed for IoT Edge & SDV applications (GitHub NanoMQ).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD). The issue stems from improper access control (CWE-284) in the system's handling of MQTT wildcard characters, which can be exploited to access restricted system topic messages.

The vulnerability allows attackers to access sensitive system topic messages, potentially compromising the confidentiality and integrity of the messaging system. Given the HIGH severity rating and the CVSS metrics, successful exploitation could lead to significant unauthorized access to system information (NVD).

Users are advised to upgrade from the affected version (v0.21.10) to a patched version of NanoMQ. The issue has been documented and tracked through the project's issue tracking system (GitHub Issue).