Vulnerability Reporteclipse-mosquitto:2.0.21

eclipse-mosquitto:2.0.21-openssleclipse-mosquitto:2.0.21

DIGESTsha256:94f5a3d7deafa59fa3440d227ddad558f59d293c612138de841eec61bfa4d353

Executive Summary

Threat ScoreSAFE• Official Docker Hub image, pinned by digest (immutable).• No exposed vulnerabilities of moderate or high severity (max 5.9).• All post-exploit findings (CVE-2025-15467) are low severity (4.06) and irrelevant to MQTT broker operation.• Threat score is 0, indicating negligible risk.

0/100SAFE

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image is safe for production use. While 23 exposed and 28 post-exploit vulnerabilities are present, all are low severity (max 5.9) and none are exploitable in the Mosquitto context. The only identified CVEs (CVE-2025-15467) affect CMS/PKCS#7 parsing, which Mosquitto does not perform, so no practical risk exists.

Vulnerabilities

Vulnerability Log

51 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-9231	MEDIUM5.9	libssl3 3.3.3-r0 fixed in 3.3.5-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libcrypto3 3.3.3-r0 fixed in 3.3.5-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libssl3 3.3.3-r0 fixed in 3.3.5-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.3.3-r0 fixed in 3.3.7-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.3.3-r0 fixed in 3.3.7-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.3.3-r0 fixed in 3.3.6-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.3.3-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.3.3-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.3.3-r0 fixed in 3.3.6-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.3.3-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r9 fixed in 1.2.5-r10	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.3.3-r0 fixed in 3.3.6-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.3.3-r0 fixed in 3.3.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl-utils 1.2.5-r9 fixed in 1.2.5-r11	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69418	LOW3.4	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.3.3-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW3.1	libcrypto3 3.3.3-r0 fixed in 3.3.5-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2025-9232	LOW3.1	libssl3 3.3.3-r0 fixed in 3.3.5-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2026-31789	LOW3	libcrypto3 3.3.3-r0 fixed in 3.3.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.3.3-r0 fixed in 3.3.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-6042	LOW2.8	musl-utils 1.2.5-r9 fixed in 1.2.5-r10	0.2% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.3.3-r0 fixed in 3.3.7-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.3.3-r0 fixed in 3.3.7-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r9 fixed in 1.2.5-r11	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-57052	LOW2.29	cjson 1.7.18-r0 fixed in 1.7.19-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libcrypto3 3.3.3-r0 fixed in 3.3.7-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libcrypto3 3.3.3-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libcrypto3 3.3.3-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libssl3 3.3.3-r0 fixed in 3.3.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libssl3 3.3.3-r0 fixed in 3.3.7-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libssl3 3.3.3-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libssl3 3.3.3-r0 fixed in 3.3.7-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-69419	LOW2.26	libcrypto3 3.3.3-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-69419	LOW2.26	libssl3 3.3.3-r0 fixed in 3.3.6-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-9231	LOW2.12	libcrypto3 3.3.3-r0 fixed in 3.3.5-r0	2.3% Low-Moderate Risk	Post-Exploit
CVE-2025-46394	LOW1.68	busybox 1.37.0-r12 fixed in 1.37.0-r14	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.37.0-r12 fixed in 1.37.0-r14	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.37.0-r12 fixed in 1.37.0-r14	0.1% Theoretical Threat	Post-Exploit
CVE-2024-58251	NONE0	busybox 1.37.0-r12 fixed in 1.37.0-r14	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.37.0-r12 fixed in 1.37.0-r14	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.37.0-r12 fixed in 1.37.0-r14	0.2% Theoretical Threat	Not Applicable