CVE-2025-62599
Published: 03 February 2026
Summary
CVE-2025-62599 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in eProsima Fast DDS. Its CVSS base score is 8.6 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 5.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the vulnerability by identifying and applying the patches for the affected Fast DDS versions listed in the security advisory.
- Enforces validation of incoming DDS protocol inputs, rejecting malformed SPDP packets whose PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN carry tampered length fields, so the integer overflow and the resulting OOM never occur.
- Applies network and management controls to limit or detect the crafted packets that cause denial of service through remote process termination in Fast DDS security mode.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A malformed SPDP packet from an unauthenticated remote sender triggers an integer overflow and OOM crash in Fast DDS, which maps directly to Application or System Exploitation as an endpoint denial of service.
NVD Description
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.
Deeper analysis
eProsima Fast DDS, a C++ implementation of the OMG Data Distribution Service (DDS) standard, is affected by CVE-2025-62599 in versions prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1. The vulnerability stems from an integer overflow (CWE-190) and uncontrolled memory allocation (CWE-789) when security mode is enabled. Specifically, modifying the DATA Submessage within an SPDP packet sent by a publisher—by tampering with the length field in the readPropertySeq of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN—triggers an out-of-memory (OOM) condition during a resize operation, resulting in remote termination of the Fast DDS process. The issue carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Any unauthenticated network attacker can exploit this vulnerability with low attack complexity and no user interaction. By crafting and sending a malformed SPDP packet to a vulnerable Fast DDS instance operating in security mode, the attacker induces the integer overflow, leading to excessive memory allocation and subsequent process crash, achieving a denial-of-service (DoS) on availability with a changed scope that may impact dependent components or systems.
The eProsima Fast DDS security advisory (https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fc3f-wcj5-5cph) confirms the vulnerability and states that it is addressed in versions 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1. Mitigation requires upgrading to one of these patched releases, as no other workarounds are specified.
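As an added illustration (not Fast DDS's own code), the parser below shows the defensive pattern for the bug class described above: a length-prefixed property sequence whose element count and string lengths are checked against the bytes actually present before any resize or allocation happens. The Property layout, function names and sample bytes are constructed assumptions and do not reproduce the SPDP wire format.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

// Hypothetical property entry; not Fast DDS's own type.
struct Property { std::string name; std::string value; };

// Decode a little-endian uint32 at off; false if fewer than 4 bytes remain.
static bool readU32(const std::vector<uint8_t>& b, size_t& off, uint32_t& v) {
    if (b.size() - off < 4) return false;
    v = uint32_t(b[off]) | uint32_t(b[off + 1]) << 8 |
        uint32_t(b[off + 2]) << 16 | uint32_t(b[off + 3]) << 24;
    off += 4;
    return true;
}

// Decode a length-prefixed string; the length must fit in the remaining bytes.
static bool readString(const std::vector<uint8_t>& b, size_t& off, std::string& s) {
    uint32_t len;
    if (!readU32(b, off, len)) return false;
    if (b.size() - off < len) return false;  // tampered length: reject, never allocate
    s.assign(reinterpret_cast<const char*>(b.data() + off), len);
    off += len;
    return true;
}

// Parse a sequence of (name, value) pairs: uint32 count, then count entries.
// Returns the number of entries, or -1 for malformed input. The unsafe pattern
// this replaces is out.resize(count) before checking count against the buffer,
// which lets a sender-controlled count drive an enormous allocation (OOM).
int parsePropertySeq(const std::vector<uint8_t>& b, std::vector<Property>& out) {
    size_t off = 0;
    uint32_t count;
    if (!readU32(b, off, count)) return -1;
    const size_t kMinEntryBytes = 8;  // two 4-byte length prefixes per entry
    // Divide rather than multiply so the bound check itself cannot overflow.
    if (count > (b.size() - off) / kMinEntryBytes) return -1;
    out.clear();
    out.reserve(count);  // now provably bounded by the input size
    for (uint32_t i = 0; i < count; ++i) {
        Property p;
        if (!readString(b, off, p.name) || !readString(b, off, p.value)) return -1;
        out.push_back(std::move(p));
    }
    return static_cast<int>(out.size());
}
```

The same count-versus-remaining-bytes check applies to any nested sequence in a received submessage; the division form keeps the guard itself free of wraparound.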
Details
- CWE(s)