CVE-2025-62602
Published: 03 February 2026
Summary
CVE-2025-62602 is a low-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Eprosima Fast Dds. Its CVSS base score is 1.7 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 5.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-62602 is a heap buffer overflow vulnerability in Fast DDS, a C++ implementation of the OMG Data Distribution Service (DDS) standard. The issue affects versions prior to 3.4.1, 3.3.1, and 2.6.11 when security mode is enabled. It arises from modifying the DATA Submessage within an SPDP packet sent by a publisher, specifically by tampering with the fields of PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN. The function readOctetVector reads an unchecked vecsize value that is propagated unchanged into readData as the length parameter, allowing an attacker-controlled vecsize to trigger a 32-bit integer overflow during length calculation. This leads to a large allocation attempt, resulting in out-of-memory conditions and remote process termination. The vulnerability is rated 7.5 on the CVSS 3.1 scale (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).
An attacker can exploit this vulnerability remotely over the network without authentication or user interaction by crafting and sending a malicious SPDP packet with a tampered DATA Submessage. The integer overflow causes excessive memory allocation, quickly exhausting resources and terminating the Fast DDS process, enabling a denial-of-service attack. Exploitation requires the target to have security mode enabled and to process the malicious packet, which can occur in discovery phases of DDS communications.
Patches addressing this issue are available in Fast DDS versions 3.4.1, 3.3.1, and 2.6.11, as implemented in specific GitHub commits such as 354218514d32beac963ff5c306f1cf159ee37c5f, a726e6a5daba660418d1f7c05b6f203c17747d2b, and ced3b6f92d928af1eae77d5fe889878128ad421a. Security practitioners should upgrade to these versions for mitigation. Debian's security tracker also documents the CVE for affected packages.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206657
Vulnerability details
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP…
more
packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage are tampered with — specially `readOctetVector` reads an unchecked `vecsize` that is propagated unchanged into `readData` as the `length` parameter — the attacker-contro lled `vecsize` can trigger a 32-bit integer overflow during the `length` calculation. That overflow can cause large alloca tion attempt that quickly leads to OOM, enabling a remotely-triggerable denial-of-service and remote process termination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote heap overflow in network-facing DDS service directly enables application exploitation resulting in process termination/DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the vulnerability by requiring timely application of patches available in Fast DDS versions 3.4.1, 3.3.1, and 2.6.11 that fix the unchecked vecsize propagation causing heap buffer overflow.
Mandates validation of untrusted inputs such as the attacker-controlled vecsize in DATA Submessages to prevent integer overflows and subsequent large memory allocations leading to OOM.
Provides denial-of-service protections tailored to remotely triggerable crashes from malformed SPDP packets, limiting the impact of resource exhaustion attacks on Fast DDS processes.