CVE-2025-62599

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fc3f-wcj5-5cph

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*
	cpe:2.3:o:debian:debian_linux:13.0:::::::*

History

09 Apr 2026, 18:16

Type	Values Removed	Values Added
CWE	~~CWE-125~~	CWE-789
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 8.6
Summary	(en) Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. Versi ons 3.4.1, 3.3.1, and 2.6.11 patch the issue.	(en) eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.
References	~~{'url': 'https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f', 'tags': ['Patch'], 'source': 'security-advisories@github.com'}~~ ~~{'url': 'https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b', 'tags': ['Patch'], 'source': 'security-advisories@github.com'}~~ ~~{'url': 'https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a', 'tags': ['Patch'], 'source': 'security-advisories@github.com'}~~ ~~{'url': 'https://security-tracker.debian.org/tracker/CVE-2025-62599', 'tags': ['Third Party Advisory'], 'source': 'security-advisories@github.com'}~~	() https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fc3f-wcj5-5cph -

24 Feb 2026, 19:47

Type	Values Removed	Values Added
References	~~() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f -~~	() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b -~~	() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a -~~	() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a - Patch
References	~~() https://security-tracker.debian.org/tracker/CVE-2025-62599 -~~	() https://security-tracker.debian.org/tracker/CVE-2025-62599 - Third Party Advisory
Summary		(es) Fast DDS es una implementación en C++ del estándar DDS (Data Distribution Service) del OMG (Object Management Group). Antes de las versiones 3.4.1, 3.3.1 y 2.6.11, cuando el modo de seguridad está habilitado, la modificación del Submensaje DATA dentro de un paquete SPDP enviado por un publicador provoca una condición de falta de memoria (OOM), lo que resulta en la terminación remota de Fast-DDS. Si se modifican los campos de PID_IDENTITY_TOKEN o PID_PERMISSION_TOKEN en el Submensaje DATA —específicamente al manipular el campo de longitud en readPropertySeq—, se produce un desbordamiento de entero, lo que lleva a una OOM durante la operación de redimensionamiento. Las versiones 3.4.1, 3.3.1 y 2.6.11 parchean el problema.
CPE		cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:a:eprosima:fast_dds:::::::: cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Debian debian Linux Eprosima Debian Eprosima fast Dds

03 Feb 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-03 18:16

Updated : 2026-04-09 18:16

NVD link : CVE-2025-62599

Mitre link : CVE-2025-62599

CVE.ORG link : CVE-2025-62599

JSON object : View

Products Affected

debian

debian_linux

eprosima

fast_dds

CWE

CWE-190

Integer Overflow or Wraparound

CWE-789

Memory Allocation with Excessive Size Value

8.6 /10