CVE-2025-64098

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage are tampered with — specifically by ta mpering with the the `vecsize` value read by `readOctetVector` — a 32-bit integer overflow can occur, causing `std::vector ::resize` to request an attacker-controlled size and quickly trigger OOM and remote process termination. Versions 3.4.1, 3 .3.1, and 2.6.11 patch the issue.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f	Patch
https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b	Patch
https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a	Patch
https://security-tracker.debian.org/tracker/CVE-2025-64098	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*
	cpe:2.3:o:debian:debian_linux:13.0:::::::*

History

18 Feb 2026, 16:15

Type	Values Removed	Values Added
First Time		Debian debian Linux Debian
CPE		cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::*

18 Feb 2026, 16:05

Type	Values Removed	Values Added
CPE		cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::* cpe:2.3:a:eprosima:fast_dds::::::::
First Time		Eprosima Eprosima fast Dds
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9
References	~~() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f -~~	() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b -~~	() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a -~~	() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a - Patch
References	~~() https://security-tracker.debian.org/tracker/CVE-2025-64098 -~~	() https://security-tracker.debian.org/tracker/CVE-2025-64098 - Third Party Advisory
Summary		(es) Fast DDS es una implementación en C++ del estándar DDS (Data Distribution Service) de la OMG (Object Management Group). Antes de las versiones 3.4.1, 3.3.1 y 2.6.11, cuando el modo de seguridad está habilitado, modificar el Submensaje DATA dentro de un paquete SPDP enviado por un publicador causa una condición de Out-Of-Memory (OOM), lo que resulta en la terminación remota de Fast-DDS. Si los campos de PID_IDENTITY_TOKEN o PID_PERMISSIONS_TOKEN en el Submensaje DATA son manipulados — específicamente al manipular el valor vecsize leído por readOctetVector — puede ocurrir un desbordamiento de entero de 32 bits, haciendo que std::vector::resize solicite un tamaño controlado por el atacante y desencadene rápidamente OOM y la terminación remota del proceso. Las versiones 3.4.1, 3.3.1 y 2.6.11 parchean el problema.

03 Feb 2026, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-03 20:15

Updated : 2026-02-18 16:15

NVD link : CVE-2025-64098

Mitre link : CVE-2025-64098

CVE.ORG link : CVE-2025-64098

JSON object : View

Products Affected

debian

debian_linux

eprosima

fast_dds

CWE

CWE-125

Out-of-bounds Read

CWE-190

Integer Overflow or Wraparound

5.9 /10