CVE-2025-62600
Published: 03 February 2026
Summary
CVE-2025-62600 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in eProsima Fast DDS. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It is ranked at the 5.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Timely remediation by upgrading to patched Fast DDS versions (2.6.11, 2.14.6, 3.2.4, 3.3.1, 3.4.1) eliminates the integer overflow in readBinaryPropertySeq that causes OOM.
Validating length fields in PID_IDENTITY_TOKEN and PID_PERMISSION_TOKEN of incoming SPDP packet DATA Submessages prevents integer overflows during resize operations.
Denial-of-service protections such as network rate limiting and memory resource quotas mitigate remote OOM crashes from crafted SPDP packets.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote exploitation of the integer overflow in DDS security-token processing terminates the process through OOM, which matches Application or System Exploitation as a means of endpoint denial of service.
NVD Description
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically the length field read by readBinaryPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.
Deeper analysis
CVE-2025-62600 affects eProsima Fast DDS, a C++ implementation of the OMG Data Distribution Service (DDS) standard. In versions prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, the vulnerability arises when security mode is enabled and an attacker modifies the DATA Submessage within an SPDP packet sent by a publisher. Specifically, tampering with the length field in the readBinaryPropertySeq function for PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN fields triggers an integer overflow (CWE-190), leading to an out-of-memory (OOM) condition (CWE-789) during a resize operation. This results in remote termination of the Fast DDS process. The issue carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
A remote, unauthenticated attacker can exploit this vulnerability by crafting and sending a tampered SPDP packet over the network to a targeted Fast DDS instance with security enabled. No user interaction is required, and the attack has low complexity. Successful exploitation causes an OOM denial-of-service, terminating the affected process and potentially disrupting DDS-based communications in real-time systems.
The vulnerability is addressed in Fast DDS versions 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, as detailed in the eProsima security advisory at https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-hvm8-mm7f-m6hc. Security practitioners should upgrade to a patched version to mitigate the risk.
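As an added example (not Fast DDS's own code), the following hypothetical C++ reader for a sequence of binary properties, in the spirit of readBinaryPropertySeq, shows the input validation that the mitigation list and the analysis above call for: every length field is checked against the bytes actually remaining, and against a policy cap, before anything is resized. BinaryProperty, kMaxProperties, sample_frame and the simplified wire layout (little-endian count, then name and value each prefixed by a uint32 length) are assumptions of this example, not the DDS security plugin's real encoding.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>
// Hypothetical stand-in for the BinaryProperty carried in identity and permission tokens.
struct BinaryProperty {
    std::string name;
    std::vector<uint8_t> value;
};
constexpr uint32_t kMaxProperties = 64;  // hypothetical per-token policy cap
// Read a little-endian uint32 length field; false if fewer than 4 bytes remain.
static bool read_u32(const std::vector<uint8_t>& buf, size_t& pos, uint32_t& out) {
    if (buf.size() - pos < 4) return false;
    out = uint32_t(buf[pos]) | (uint32_t(buf[pos + 1]) << 8) |
          (uint32_t(buf[pos + 2]) << 16) | (uint32_t(buf[pos + 3]) << 24);
    pos += 4;
    return true;
}
// Parse a sequence of binary properties, checking each length against the bytes actually
// remaining before any resize; a reader that trusts the length wraps or allocates unboundedly.
bool parse_binary_property_seq(const std::vector<uint8_t>& buf, std::vector<BinaryProperty>& out) {
    out.clear();
    size_t pos = 0;
    uint32_t count = 0;
    if (!read_u32(buf, pos, count)) return false;
    // Every property needs two 4-byte length fields, so the remaining bytes bound count as well.
    if (count > kMaxProperties || count > (buf.size() - pos) / 8) return false;
    for (uint32_t i = 0; i < count; ++i) {
        BinaryProperty p;
        uint32_t len = 0;
        if (!read_u32(buf, pos, len) || len > buf.size() - pos) return false;
        p.name.assign(reinterpret_cast<const char*>(buf.data() + pos), len);
        pos += len;
        if (!read_u32(buf, pos, len) || len > buf.size() - pos) return false;
        p.value.assign(buf.begin() + pos, buf.begin() + pos + len);
        pos += len;
        out.push_back(p);
    }
    return true;
}
// Constructed frame: one property named "name" with a 2-byte value, whose value-length
// field is set to value_len (2 is honest; 0xFFFFFFFF models the tampered length).
inline std::vector<uint8_t> sample_frame(uint32_t value_len) {
    return {1, 0, 0, 0, 4, 0, 0, 0, 'n', 'a', 'm', 'e', uint8_t(value_len), uint8_t(value_len >> 8),
            uint8_t(value_len >> 16), uint8_t(value_len >> 24), 0xAA, 0xBB};
}
inline int parsed_count(const std::vector<uint8_t>& buf) {  // properties parsed, or -1 if rejected
    std::vector<BinaryProperty> out;
    return parse_binary_property_seq(buf, out) ? int(out.size()) : -1;
}
```

The tampered frame is rejected before any allocation happens, which is the behaviour a patched reader needs; a rate limit or memory quota at the transport layer then only has to absorb the packets, not the allocations.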
Details
- CWE(s)