{"id":"CVE-2025-65503","details":"Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.","modified":"2026-03-13T03:41:20.089801Z","published":"2025-11-24T14:15:48.253Z","references":[{"type":"FIX","url":"https://github.com/redboltz/async_mqtt/issues/436"},{"type":"FIX","url":"https://github.com/redboltz/async_mqtt/pull/437"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redboltz/async_mqtt","events":[{"introduced":"0"},{"last_affected":"deeb7e36df859af0e90d2462012c48465ba49f0f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.2.5"}]}}],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","10.0.0","10.1.0","10.2.0","10.2.1","10.2.2","10.2.3","10.2.4","10.2.5","2.0.0","3.0.0","4.0.0","4.1.0","5.0.0","5.1.0","5.1.1","5.1.2","6.0.0","7.0.0","8.0.0","8.0.1","9.0.0","9.0.1","9.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65503.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}