CVE-2025-62600

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readBinaryPropertySeq— are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-hvm8-mm7f-m6hc
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-hvm8-mm7f-m6hc

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*
	cpe:2.3:o:debian:debian_linux:13.0:::::::*

History

14 Apr 2026, 16:16

Type	Values Removed	Values Added
References	~~() https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-hvm8-mm7f-m6hc -~~	() https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-hvm8-mm7f-m6hc -

09 Apr 2026, 18:16

Type	Values Removed	Values Added
References	~~{'url': 'https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f', 'tags': ['Patch'], 'source': 'security-advisories@github.com'}~~ ~~{'url': 'https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b', 'tags': ['Patch'], 'source': 'security-advisories@github.com'}~~ ~~{'url': 'https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a', 'tags': ['Patch'], 'source': 'security-advisories@github.com'}~~ ~~{'url': 'https://security-tracker.debian.org/tracker/CVE-2025-62600', 'tags': ['Third Party Advisory'], 'source': 'security-advisories@github.com'}~~	() https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-hvm8-mm7f-m6hc -
CWE	~~CWE-125~~	CWE-789
Summary	(en) Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readBinaryPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.	(en) eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readBinaryPropertySeq— are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 8.6

24 Feb 2026, 19:24

Type	Values Removed	Values Added
CPE		cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:a:eprosima:fast_dds:::::::: cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::*
Summary		(es) Fast DDS es una implementación en C++ del estándar DDS (Data Distribution Service) de la OMG (Object Management Group). Antes de las versiones 3.4.1, 3.3.1 y 2.6.11, cuando el modo de seguridad está habilitado, modificar el Submensaje DATA dentro de un paquete SPDP enviado por un publicador causa una condición de falta de memoria (OOM), lo que resulta en la terminación remota de Fast-DDS. Si los campos de PID_IDENTITY_TOKEN o PID_PERMISSION_TOKEN en el Submensaje DATA — específicamente al manipular el campo de longitud en readBinaryPropertySeq — son modificados, ocurre un desbordamiento de entero, lo que lleva a una OOM durante la operación de redimensionamiento. Las versiones 3.4.1, 3.3.1 y 2.6.11 aplican un parche al problema.
First Time		Debian debian Linux Eprosima Debian Eprosima fast Dds
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f -~~	() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b -~~	() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a -~~	() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a - Patch
References	~~() https://security-tracker.debian.org/tracker/CVE-2025-62600 -~~	() https://security-tracker.debian.org/tracker/CVE-2025-62600 - Third Party Advisory

03 Feb 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-03 19:16

Updated : 2026-04-14 16:16

NVD link : CVE-2025-62600

Mitre link : CVE-2025-62600

CVE.ORG link : CVE-2025-62600

JSON object : View

Products Affected

debian

debian_linux

eprosima

fast_dds

CWE

CWE-190

Integer Overflow or Wraparound

CWE-789

Memory Allocation with Excessive Size Value

8.6 /10