CVE-2025-62601
Published: 03 February 2026
Summary
CVE-2025-62601 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Eprosima Fast Dds. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 5.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote heap buffer overflow in network-facing DDS component directly enables application/system exploitation resulting in DoS (availability impact only).
NVD Description
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP…
more
packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage — specifically by tampering with the `str_size` value read by `readString` (called from `readBinaryProperty`) — are modified, a 32-bit integer overflow can occur, causing `std::vector::resize` to use an attacker-controlled size and quickly trigger heap buffer overflow and remote process term ination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
Deeper analysisAI
CVE-2025-62601 is a heap buffer overflow vulnerability in Fast DDS, a C++ implementation of the OMG Data Distribution Service (DDS) standard. It affects versions prior to 3.4.1, 3.3.1, and 2.6.11 when security mode is enabled. The issue arises from modifying the DATA Submessage within an SPDP packet sent by a publisher, specifically by tampering with the `str_size` value in the `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` fields. This tampering, processed via `readString` called from `readBinaryProperty`, triggers a 32-bit integer overflow that causes `std::vector::resize` to allocate an attacker-controlled size, leading to the heap buffer overflow. The vulnerability is rated 7.5 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWEs 122 (Heap-based Buffer Overflow) and 787 (Out-of-bounds Write).
A remote, unauthenticated attacker can exploit this vulnerability by crafting and sending a malformed SPDP packet to a targeted Fast DDS publisher with security enabled. No user interaction or privileges are required, enabling exploitation over the network with low complexity. Successful exploitation results in remote process termination via the heap buffer overflow, causing a denial-of-service condition on the affected Fast DDS instance.
Mitigation requires upgrading to Fast DDS versions 3.4.1, 3.3.1, or 2.6.11, which include patches addressing the integer overflow and buffer handling in the relevant submessage parsing code. The fixing commits are available at https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f, https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b, and https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a. Additional tracking is provided by the Debian security team at https://security-tracker.debian.org/tracker/CVE-2025-62601.
Details
- CWE(s)