CVE-2025-62600

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readBinaryPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f	Patch
https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b	Patch
https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a	Patch
https://security-tracker.debian.org/tracker/CVE-2025-62600	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*
	cpe:2.3:o:debian:debian_linux:13.0:::::::*

History

24 Feb 2026, 19:24

Type	Values Removed	Values Added
CPE		cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:a:eprosima:fast_dds:::::::: cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::*
First Time		Debian debian Linux Eprosima Debian Eprosima fast Dds
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f -~~	() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b -~~	() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a -~~	() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a - Patch
References	~~() https://security-tracker.debian.org/tracker/CVE-2025-62600 -~~	() https://security-tracker.debian.org/tracker/CVE-2025-62600 - Third Party Advisory
Summary		(es) Fast DDS es una implementación en C++ del estándar DDS (Data Distribution Service) de la OMG (Object Management Group). Antes de las versiones 3.4.1, 3.3.1 y 2.6.11, cuando el modo de seguridad está habilitado, modificar el Submensaje DATA dentro de un paquete SPDP enviado por un publicador causa una condición de falta de memoria (OOM), lo que resulta en la terminación remota de Fast-DDS. Si los campos de PID_IDENTITY_TOKEN o PID_PERMISSION_TOKEN en el Submensaje DATA — específicamente al manipular el campo de longitud en readBinaryPropertySeq — son modificados, ocurre un desbordamiento de entero, lo que lleva a una OOM durante la operación de redimensionamiento. Las versiones 3.4.1, 3.3.1 y 2.6.11 aplican un parche al problema.

03 Feb 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-03 19:16

Updated : 2026-02-24 19:24

NVD link : CVE-2025-62600

Mitre link : CVE-2025-62600

CVE.ORG link : CVE-2025-62600

JSON object : View

Products Affected

debian

debian_linux

eprosima

fast_dds

CWE

CWE-125

Out-of-bounds Read

CWE-190

Integer Overflow or Wraparound

7.5 /10