CVE-2025-24807
Published: 11 February 2025
Summary
CVE-2025-24807 is a high-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in eProsima Fast DDS. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 24.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SC-17 (Public Key Infrastructure Certificates): requires validation of PKI certificates by verifying certification paths to trust anchors and status information, directly mitigating the lack of full-chain and expiration validation for PermissionsCA certificates.
- SI-7 (Software, Firmware, and Information Integrity): mandates cryptographic integrity verification for software, firmware, and information, addressing the insufficient S/MIME signature and certificate validation that allows an expired PermissionsCA to enable unauthorized access.
- SI-2 (Flaw Remediation): requires timely flaw remediation, including patching to the fixed versions (2.6.10, 2.10.7, etc.), directly preventing exploitation of the certificate validation vulnerability in eProsima Fast DDS.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local, low-privileged attacker supplies an expired PermissionsCA to bypass access-control validation, directly enabling unauthorized permissions/governance access (privilege escalation, T1068); the crash impact is secondary.
NVD Description
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access control plugin validates only the S/MIME signature which causes an expired PermissionsCA to be taken as valid. Even though this issue is responsible for allowing `governance/permissions` from an expired PermissionsCA and having the system crash when PermissionsCA is not self-signed and contains the full-chain, the impact is low. Versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0 contain a fix for the issue.
Deeper analysis
CVE-2025-24807 affects eProsima Fast DDS, a C++ implementation of the OMG Data Distribution Service (DDS) standard. In versions prior to 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, the access control plugin fails to perform full certificate chain validation or check expiration dates for PermissionsCA certificates. Instead, it only validates the S/MIME signature, allowing expired PermissionsCA certificates to be treated as valid. This issue, tied to CWE-345 (Insufficient Verification of Data Authenticity), carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability by supplying an expired PermissionsCA, enabling unauthorized governance or permissions access. Under specific conditions—such as a non-self-signed PermissionsCA with a full chain—the system may also crash. While the description notes low overall impact, successful exploitation compromises integrity and availability without affecting confidentiality.
The eProsima Fast DDS security advisory (GHSA-w33g-jmm2-8983) and associated pull request (#5530) detail the fix implemented in versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, which add proper chain and expiration validation in components like Permissions.cpp and PKIDH.cpp. Security practitioners should prioritize upgrading affected deployments to these patched releases.
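The validation gap described above, reproduced with the openssl command-line tool as an added example (this is not Fast DDS code): a check that only verifies the S/MIME signature never examines the signer certificate, while validation against a trust anchor also enforces the certificate's validity window. The PermissionsCA, its key, the stand-in permissions document and the one-week-ahead evaluation time (passed via -attime to simulate expiry instead of waiting a day) are all constructed here.

```shell
#!/bin/sh
# Added example, not Fast DDS code: contrast the pre-fix "signature only" check
# with full validation of the S/MIME signer against a trust anchor, including
# its validity window. All key, certificate and document material is constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed PermissionsCA: self-signed, valid for one day from now.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
  -subj "/CN=Constructed PermissionsCA" \
  -keyout "$WORK/permissions_ca.key" -out "$WORK/permissions_ca.pem" 2>/dev/null

# Constructed stand-in for a permissions document, S/MIME-signed by that CA
# (the page's governance/permissions documents are signed the same way).
printf '<dds><permissions/></dds>\n' > "$WORK/permissions.xml"
openssl smime -sign -in "$WORK/permissions.xml" -out "$WORK/permissions.p7s" \
  -signer "$WORK/permissions_ca.pem" -inkey "$WORK/permissions_ca.key"

# Pre-fix behaviour: only the signature is checked. -noverify skips validation
# of the signer certificate entirely, so the result does not depend on whether
# the PermissionsCA is expired or chains to a trust anchor.
signature_only_check() {
  openssl smime -verify -noverify -in "$WORK/permissions.p7s" \
    -out /dev/null 2>/dev/null
}

# Fixed behaviour: build and validate the signer chain against the configured
# trust anchor (here the CA itself) at evaluation time $1 (epoch seconds).
full_check() {
  openssl smime -verify -CAfile "$WORK/permissions_ca.pem" -purpose any \
    -attime "$1" -in "$WORK/permissions.p7s" -out /dev/null 2>/dev/null
}

NOW=$(date +%s)
NEXT_WEEK=$((NOW + 7 * 24 * 3600))   # by then the one-day CA has expired

# Stand-alone demonstration: one line per scenario.
report() {
  if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi
}
report signature_only_check        # PASS (certificate never examined)
report full_check "$NOW"           # PASS: chain valid, not yet expired
report full_check "$NEXT_WEEK"     # FAIL: certificate has expired
```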
Details
- CWE(s)