CVE-2025-62599

HIGH EPSS 27.9%
Published Feb 3, 20264mo ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
High
Find Similar
Published Feb 3, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
27.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-190 Integer Overflow or Wraparound Numeric Error
CWE-789

Affected Products 6

VendorProductVersionRange
eprosimafast_dds* <2.6.11
eprosimafast_dds*≥3.0.0  –  <3.3.1
eprosimafast_dds3.4.0any
debiandebian_linux11.0any
debiandebian_linux12.0any
debiandebian_linux13.0any

References 1

  • github.com https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fc3f-wcj5-5cph

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.