CVE Alert: CVE-2025-12790 – Red Hat – Red Hat Satellite 6

CVE-2025-12790

HIGH · No exploitation known

A flaw was found in Rubygem MQTT. By default, the package did not perform hostname validation, making a man-in-the-middle (MITM) attack possible.

CVSS v3.1 (7.4)
AV NETWORK · AC HIGH · PR NONE · UI NONE · S UNCHANGED
Vendor
Red Hat
Product
Red Hat Satellite 6
Versions
Not specified
CWE
CWE-29, Path Traversal: ‘..filename’
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Published
2025-11-06T21:07:34.970Z
Updated
2025-11-06T21:30:09.639Z
CPE
cpe:/a:redhat:satellite:6

AI Summary Analysis

Risk verdict

Moderate risk overall; no active exploitation signals, but a network-based MITM vulnerability with high potential impact if exploited.

Why this matters

In enterprise setups using Red Hat Satellite with MQTT components, an attacker who can position themselves on the network could eavesdrop or tamper with MQTT traffic, compromising confidentiality and integrity. This is particularly concerning for telemetry, credentials, or commands traversing MQTT paths, potentially enabling data leakage or injection of misleading data.

Most likely attack path

Adversaries need network access to the MQTT client–broker path and can exploit the flaw by presenting a forged certificate or manipulating DNS to intercept traffic. Because no user interaction or privileges are required, remote compromise is feasible in adjacent networks or misconfigured segments, leading to MITM and altered message streams.

Who is most exposed

Organizations with on-premises Red Hat Satellite 6 deployments or MQTT-based integrations within enterprise networks are at higher risk; environments with internal IoT/edge deployments using this gem are also relevant.

Detection ideas

  • TLS handshake anomalies or certificate validation errors on MQTT traffic
  • Unexpected certificate chains or MITM indicators in network captures
  • Increased failed authentications or unusual broker connections
  • Unexpected changes in rubygem-mqtt package versions
  • Anomalous MQTT message integrity or content alterations

Mitigation and prioritisation

  • Apply the vendor patch or upgrade rubygem-mqtt to the latest released version.
  • Validate TLS configurations; enable strict server-name verification and certificate pinning where feasible.
  • Segment networks to constrain MQTT traffic to trusted hosts; review broker/client trust boundaries.
  • Prioritise patching during the next maintenance window; align with change-control processes.
  • If KEV or EPSS indicators become active (or EPSS ≥ 0.5), treat as priority 1 and accelerate remediation.
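The TLS hardening in the list above, as an added example (not code from the advisory, Red Hat, or the ruby-mqtt project): a Ruby stdlib `OpenSSL::SSL::SSLContext` in the weak shape the flaw describes (chain verified, hostname never checked) beside the strict shape, an audit helper that reports which settings are missing, and the certificate-identity check itself run against a constructed self-signed certificate. The CA path is a placeholder, and how the context is attached to a given MQTT client library version is assumed to be possible and is not shown.

```ruby
require 'openssl'

# Placeholder path for the broker CA bundle; the file is only loaded when a
# connection is actually made, so it need not exist to build the context.
CA_FILE = '/path/to/broker-ca.pem'.freeze

# Weak configuration (the defect class in CVE-2025-12790): the peer chain is
# verified against the CA, but the certificate's name is never compared with
# the host we intended to reach, so any certificate the CA issued is accepted.
def weak_ssl_context(ca_file = CA_FILE)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.ca_file = ca_file
  ctx.verify_hostname = false # names are not checked
  ctx
end

# Strict configuration: trusted chain AND hostname match, legacy TLS refused.
# verify_hostname only has effect together with VERIFY_PEER.
def strict_ssl_context(ca_file = CA_FILE)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.ca_file = ca_file
  ctx.verify_hostname = true
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx
end

# Audit helper: lists the problems found in a context; empty means acceptable
# for a client-to-broker connection.
def ssl_context_findings(ctx)
  findings = []
  findings << 'verify_mode is not VERIFY_PEER' unless ctx.verify_mode == OpenSSL::SSL::VERIFY_PEER
  findings << 'verify_hostname is disabled' unless ctx.verify_hostname
  findings << 'no CA file, CA path or cert store configured' if ctx.ca_file.nil? && ctx.ca_path.nil? && ctx.cert_store.nil?
  findings
end

# Constructed test material: a short-lived self-signed certificate whose
# subjectAltName names one broker host. Used only to exercise the identity check.
def self_signed_cert(common_name)
  key = OpenSSL::PKey::EC.generate('prime256v1')
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{common_name}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The check the flaw omitted: does the presented certificate actually name the
# host we dialled? This is what verify_hostname = true performs during the
# handshake; it is exposed here so it can be applied to a captured certificate.
def certificate_matches_host?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

if __FILE__ == $PROGRAM_NAME
  puts "weak context findings:   #{ssl_context_findings(weak_ssl_context).inspect}"
  puts "strict context findings: #{ssl_context_findings(strict_ssl_context).inspect}"
  cert = self_signed_cert('broker.example.internal')
  puts "cert for broker.example.internal matches broker.example.internal? " \
       "#{certificate_matches_host?(cert, 'broker.example.internal')}"
  puts "same cert presented as other.example.internal accepted? " \
       "#{certificate_matches_host?(cert, 'other.example.internal')}"
end
```

Running the audit helper over the context a client actually uses is a quick way to confirm the upgraded gem (or a manually supplied context) really enforces the hostname check, rather than relying on the version number alone.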
