CVE-2025-62601

LOW EPSS 40.6%
Published Feb 3, 20264mo ago · Modified Jun 17, 20261w ago
1.7 CVSS 4.0
Low
Find Similar
Published Feb 3, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage — specifically by tampering with the `str_size` value read by `readString` (called from `readBinaryProperty`) — are modified, a 32-bit integer overflow can occur, causing `std::vector::resize` to use an attacker-controlled size and quickly trigger heap buffer overflow and remote process term ination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.

CVSS Details

Base Score
1.7
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
40.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-122
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 3

VendorProductVersionRange
eprosimafast_dds* <2.6.11
eprosimafast_dds*≥3.0.0  –  <3.3.1
eprosimafast_dds3.4.0any

References 4

  • github.com https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
    Patch
  • github.com https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b
    Patch
  • github.com https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a
    Patch
  • security-tracker.debian.org https://security-tracker.debian.org/tracker/CVE-2025-62601
    Third Party Advisory

Remediation

  • github.com https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
    Patch
  • github.com https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b
    Patch
  • github.com https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a
    Patch