CVE-2025-62599

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

ast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. Versi ons 3.4.1, 3.3.1, and 2.6.11 patch the issue.

References

Link	Resource
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f	Patch
https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b	Patch
https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a	Patch
https://security-tracker.debian.org/tracker/CVE-2025-62599	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds::::::::
	cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*
	cpe:2.3:o:debian:debian_linux:13.0:::::::*

History

24 Feb 2026, 19:47

Type	Values Removed	Values Added
CPE		cpe:2.3:a:eprosima:fast_dds:::::::: cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:a:eprosima:fast_dds:3.4.0:::::::* cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::*
References	~~() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f -~~	() https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b -~~	() https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b - Patch
References	~~() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a -~~	() https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a - Patch
References	~~() https://security-tracker.debian.org/tracker/CVE-2025-62599 -~~	() https://security-tracker.debian.org/tracker/CVE-2025-62599 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
Summary		(es) Fast DDS es una implementación en C++ del estándar DDS (Data Distribution Service) del OMG (Object Management Group). Antes de las versiones 3.4.1, 3.3.1 y 2.6.11, cuando el modo de seguridad está habilitado, la modificación del Submensaje DATA dentro de un paquete SPDP enviado por un publicador provoca una condición de falta de memoria (OOM), lo que resulta en la terminación remota de Fast-DDS. Si se modifican los campos de PID_IDENTITY_TOKEN o PID_PERMISSION_TOKEN en el Submensaje DATA —específicamente al manipular el campo de longitud en readPropertySeq—, se produce un desbordamiento de entero, lo que lleva a una OOM durante la operación de redimensionamiento. Las versiones 3.4.1, 3.3.1 y 2.6.11 parchean el problema.
First Time		Debian debian Linux Debian Eprosima Eprosima fast Dds

03 Feb 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-03 18:16

Updated : 2026-02-24 19:47

NVD link : CVE-2025-62599

Mitre link : CVE-2025-62599

CVE.ORG link : CVE-2025-62599

JSON object : View

Products Affected

eprosima

fast_dds

debian

debian_linux

CWE

CWE-125

Out-of-bounds Read

CWE-190

Integer Overflow or Wraparound

7.5 /10