CVE-2025-62601
Published: 03 February 2026
Summary
CVE-2025-62601 is a low-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Eprosima Fast Dds. Its CVSS base score is 1.7 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 2.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-62601 is a heap buffer overflow vulnerability in Fast DDS, a C++ implementation of the OMG Data Distribution Service (DDS) standard. It affects versions prior to 3.4.1, 3.3.1, and 2.6.11 when security mode is enabled. The issue arises from modifying the DATA Submessage within an SPDP packet sent by a publisher, specifically by tampering with the `str_size` value in the `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` fields. This tampering, processed via `readString` called from `readBinaryProperty`, triggers a 32-bit integer overflow that causes `std::vector::resize` to allocate an attacker-controlled size, leading to the heap buffer overflow. The vulnerability is rated 7.5 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWEs 122 (Heap-based Buffer Overflow) and 787 (Out-of-bounds Write).
A remote, unauthenticated attacker can exploit this vulnerability by crafting and sending a malformed SPDP packet to a targeted Fast DDS publisher with security enabled. No user interaction or privileges are required, enabling exploitation over the network with low complexity. Successful exploitation results in remote process termination via the heap buffer overflow, causing a denial-of-service condition on the affected Fast DDS instance.
Mitigation requires upgrading to Fast DDS versions 3.4.1, 3.3.1, or 2.6.11, which include patches addressing the integer overflow and buffer handling in the relevant submessage parsing code. The fixing commits are available at https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f, https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b, and https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a. Additional tracking is provided by the Debian security team at https://security-tracker.debian.org/tracker/CVE-2025-62601.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206631
Vulnerability details
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP…
more
packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage — specifically by tampering with the `str_size` value read by `readString` (called from `readBinaryProperty`) — are modified, a 32-bit integer overflow can occur, causing `std::vector::resize` to use an attacker-controlled size and quickly trigger heap buffer overflow and remote process term ination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote heap buffer overflow in network-facing DDS component directly enables application/system exploitation resulting in DoS (availability impact only).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation directly mitigates this CVE by requiring timely patching to Fast DDS versions 3.4.1, 3.3.1, or 2.6.11 that fix the integer overflow and heap buffer overflow in SPDP packet parsing.
Information input validation prevents the heap buffer overflow by validating fields like str_size in PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN before processing in readString and readBinaryProperty.
Memory protection mechanisms such as address space layout randomization or heap canaries provide secondary mitigation against exploitation of the heap buffer overflow triggered by attacker-controlled vector resize.