CVEFinder.io

CVE-2025-62599

⚠️ high
Description

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS.
If the PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN parameters in the DATA Submessage are modified, specifically by tampering with the length field consumed by readPropertySeq, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.
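The failure mode described above, an attacker-controlled length that survives a bounds check computed in 32-bit arithmetic and is then handed to resize(), shown as an added example written for this page. It is a simplified model of a property-sequence reader, not Fast DDS's readPropertySeq, and its wire layout (a little-endian u32 count followed by u32-prefixed name/value strings), the property names and the 8-bytes-per-property minimum are assumptions for illustration. The vulnerable path stops at a demo ceiling and reports would_oom instead of allocating gigabytes in this process; the real bug performs the resize and the process terminates.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

struct Property { std::string name, value; };

struct ParseOutcome {
    bool ok = false;          // whole sequence parsed
    bool would_oom = false;   // length survived the check but the allocation is absurd
    uint64_t requested = 0;   // element count the reader hands to resize()
    std::vector<Property> props;
};

// Little-endian u32, as in PL_CDR_LE encapsulation (assumption for the demo).
static bool read_u32(const std::vector<uint8_t>& buf, uint32_t& pos, uint32_t& out) {
    if (pos > buf.size() || buf.size() - pos < 4) return false;
    out = uint32_t(buf[pos]) | uint32_t(buf[pos + 1]) << 8 |
          uint32_t(buf[pos + 2]) << 16 | uint32_t(buf[pos + 3]) << 24;
    pos += 4;
    return true;
}

// CDR-style string: u32 byte length followed by the bytes (NUL omitted for brevity).
static bool read_str(const std::vector<uint8_t>& buf, uint32_t& pos, std::string& out) {
    uint32_t len;
    if (!read_u32(buf, pos, len)) return false;
    if (len > buf.size() - pos) return false;   // pos <= size() holds after read_u32
    out.assign(reinterpret_cast<const char*>(buf.data() + pos), len);
    pos += len;
    return true;
}

// Demo ceiling: the vulnerable path reports would_oom instead of really allocating.
static constexpr uint64_t kDemoAllocLimit = 1u << 16;

// VULNERABLE model: "does count fit in the buffer" is computed in 32 bits, so
// count * 8 wraps and an absurd count sails through to resize().
ParseOutcome vulnerable_read_property_seq(const std::vector<uint8_t>& buf, uint32_t pos) {
    ParseOutcome r;
    uint32_t count;
    if (!read_u32(buf, pos, count)) return r;
    uint32_t needed = count * 8u;               // two u32 prefixes per property; wraps for count >= 2^29
    if (pos + needed > buf.size()) return r;    // count = 0x20000001 makes needed wrap to 8: check passes
    r.requested = count;
    if (count > kDemoAllocLimit) { r.would_oom = true; return r; }
    r.props.resize(count);                      // the OOM site in the real bug
    for (uint32_t k = 0; k < count; ++k)
        if (!read_str(buf, pos, r.props[k].name) || !read_str(buf, pos, r.props[k].value)) return r;
    r.ok = true;
    return r;
}

// HARDENED: a protocol cap, 64-bit arithmetic that cannot wrap, and the bytes
// actually remaining as the bound, all evaluated before any allocation.
static constexpr uint32_t kMaxProperties = 1024;  // assumption: generous bound for a token's property list

ParseOutcome hardened_read_property_seq(const std::vector<uint8_t>& buf, uint32_t pos) {
    ParseOutcome r;
    uint32_t count;
    if (!read_u32(buf, pos, count)) return r;
    r.requested = count;
    if (count > kMaxProperties) return r;
    uint64_t remaining = buf.size() - pos;
    if (uint64_t(count) * 8u > remaining) return r;  // product < 2^36, no wrap possible
    r.props.reserve(count);                          // bounded by kMaxProperties
    for (uint32_t k = 0; k < count; ++k) {
        Property p;
        if (!read_str(buf, pos, p.name) || !read_str(buf, pos, p.value)) return r;
        r.props.push_back(std::move(p));
    }
    r.ok = true;
    return r;
}

static void write_u32(std::vector<uint8_t>& buf, uint32_t v) {
    for (int s = 0; s < 32; s += 8) buf.push_back(uint8_t(v >> s));
}
static void write_str(std::vector<uint8_t>& buf, const std::string& s) {
    write_u32(buf, uint32_t(s.size()));
    buf.insert(buf.end(), s.begin(), s.end());
}

// Constructed sample: a two-property sequence standing in for the payload of a
// PID_IDENTITY_TOKEN parameter (property names are illustrative only).
std::vector<uint8_t> build_benign_seq() {
    std::vector<uint8_t> buf;
    write_u32(buf, 2);
    write_str(buf, "dds.cert.sn");   write_str(buf, "1234");
    write_str(buf, "dds.cert.algo"); write_str(buf, "RSA-2048");
    return buf;
}

// The attacker's edit from the advisory: overwrite the sequence length field.
std::vector<uint8_t> tamper_length(std::vector<uint8_t> buf, uint32_t fake_count) {
    for (int s = 0; s < 32; s += 8) buf[s / 8] = uint8_t(fake_count >> s);
    return buf;
}

int main() {
    auto bad = tamper_length(build_benign_seq(), 0x20000001u);
    auto v = vulnerable_read_property_seq(bad, 0);
    auto h = hardened_read_property_seq(bad, 0);
    std::printf("vulnerable: requested=%llu would_oom=%d\n", (unsigned long long)v.requested, (int)v.would_oom);
    std::printf("hardened:   ok=%d (rejected before allocating)\n", (int)h.ok);
}
```

The point of the hardened version is the order of operations: cap, then an overflow-free comparison against the bytes really left, and only then an allocation that is already known to be small. A check of the form `pos + len > size` in the same width as `len` is exactly the pattern an attacker-chosen length defeats.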

CVSS Score: 8.6 (High)
EPSS Score: 0.0 (exploit probability)
Published: 2026-02-03
First seen: 2026-02-04
📊 Relative Risk Intelligence

This CVE is rated High Risk: more severe than 80.5% of the 322,079 vulnerabilities in the CVEFinder.io database (severity rank #62,658, top 25%).
🎯 CISA SSVC Assessment (updated Feb 4, 2026)
Exploitation Status: None (no known exploits)
Automatable: No (the site glosses this as "requires human interaction"; SSVC's Automatable decision point asks whether the attack chain can be reliably automated end to end, which is distinct from CVSS User Interaction, rated N for this CVE)
Technical Impact: Partial (limited system impact)
SSVC data provided by CISA
Last Modified: 2026-04-09
Source: NVD
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H (network attack vector, low complexity, no privileges or user interaction required; changed scope; no confidentiality or integrity impact, high availability impact)
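A check on the score shown above, as an added example for this page (not code from CVEFinder.io, NVD or Fast DDS): a CVSS v3.1 base-score calculator that parses the vector string and applies the specification's base equations (section 7.1) and Roundup function (section 7.4). It confirms that AV:N/AC:L/PR:N/UI:N/S:C with only A:H scores 8.6, and that the same metrics with S:U would score 7.5, so the changed-scope assessment is what lifts this availability-only issue above the usual 7.5 of a network DoS.

```cpp
#include <algorithm>
#include <cmath>
#include <initializer_list>
#include <cstdio>
#include <sstream>
#include <stdexcept>
#include <string>
#include <utility>

// Base metrics of a CVSS v3.1 vector, stored as the specification's weights.
struct Cvss31Base {
    double av = 0, ac = 0, pr = 0, ui = 0, c = 0, i = 0, a = 0;
    bool scope_changed = false;
};

// Spec 7.4 Roundup: smallest one-decimal value >= input, done in integers to
// avoid the floating-point edge cases of ceil(x * 10) / 10.
double cvss_roundup(double x) {
    long long n = std::llround(x * 100000.0);
    if (n % 10000 == 0) return n / 100000.0;
    return (n / 10000 + 1) / 10.0;
}

// Parse "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"; throws on malformed
// input. PR weights depend on Scope, so S is resolved before PR.
Cvss31Base parse_cvss31(const std::string& vec) {
    std::istringstream in(vec);
    std::string tok;
    if (!std::getline(in, tok, '/') || tok != "CVSS:3.1") throw std::invalid_argument("not a CVSS:3.1 vector");
    std::string av, ac, pr, ui, s, c, i, a;
    while (std::getline(in, tok, '/')) {
        auto colon = tok.find(':');
        if (colon == std::string::npos || colon + 1 >= tok.size()) throw std::invalid_argument("bad metric: " + tok);
        std::string k = tok.substr(0, colon), v = tok.substr(colon + 1);
        if (k == "AV") av = v; else if (k == "AC") ac = v; else if (k == "PR") pr = v;
        else if (k == "UI") ui = v; else if (k == "S") s = v; else if (k == "C") c = v;
        else if (k == "I") i = v; else if (k == "A") a = v;
        // Temporal and environmental metrics do not affect the base score; ignored.
    }
    Cvss31Base m;
    if (s == "C") m.scope_changed = true;
    else if (s != "U") throw std::invalid_argument("bad or missing S");
    auto pick = [](const std::string& v, std::initializer_list<std::pair<const char*, double>> table) {
        for (const auto& e : table) if (v == e.first) return e.second;
        throw std::invalid_argument("bad metric value: " + v);
    };
    m.av = pick(av, {{"N", 0.85}, {"A", 0.62}, {"L", 0.55}, {"P", 0.20}});
    m.ac = pick(ac, {{"L", 0.77}, {"H", 0.44}});
    m.pr = m.scope_changed ? pick(pr, {{"N", 0.85}, {"L", 0.68}, {"H", 0.50}})
                           : pick(pr, {{"N", 0.85}, {"L", 0.62}, {"H", 0.27}});
    m.ui = pick(ui, {{"N", 0.85}, {"R", 0.62}});
    m.c = pick(c, {{"H", 0.56}, {"L", 0.22}, {"N", 0.0}});
    m.i = pick(i, {{"H", 0.56}, {"L", 0.22}, {"N", 0.0}});
    m.a = pick(a, {{"H", 0.56}, {"L", 0.22}, {"N", 0.0}});
    return m;
}

// Spec 7.1 base-score equations.
double cvss31_base_score(const std::string& vec) {
    Cvss31Base m = parse_cvss31(vec);
    double iss = 1.0 - (1.0 - m.c) * (1.0 - m.i) * (1.0 - m.a);
    double impact = m.scope_changed ? 7.52 * (iss - 0.029) - 3.25 * std::pow(iss - 0.02, 15)
                                    : 6.42 * iss;
    double exploitability = 8.22 * m.av * m.ac * m.pr * m.ui;
    if (impact <= 0) return 0.0;
    double raw = m.scope_changed ? 1.08 * (impact + exploitability) : impact + exploitability;
    return cvss_roundup(std::min(raw, 10.0));
}

bool is_valid_cvss31(const std::string& vec) {
    try { parse_cvss31(vec); return true; } catch (const std::invalid_argument&) { return false; }
}

int main() {
    const char* page_vector = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H";
    std::printf("%s -> %.1f\n", page_vector, cvss31_base_score(page_vector));
    std::printf("same metrics with S:U -> %.1f\n", cvss31_base_score("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"));
}
```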
🔗 Related CVEs (6)

CVE ID         | Severity | CVSS | EPSS | Published  | Summary
CVE-2026-31431 | high     | 7.8  | 2.4  | 2026-04-22 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla...
CVE-2026-4775  | high     | 7.8  | 0.0  | 2026-03-24 | A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the ...
CVE-2026-1940  | medium   | 5.1  | 0.0  | 2026-03-23 | An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added...
CVE-2025-63261 | high     | 7.8  | 0.1  | 2026-03-20 | AWStats 8.0 is vulnerable to Command Injection via the open function
CVE-2026-25506 | high     | 7.7  | 0.0  | 2026-02-10 | MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can ...
CVE-2025-62600 | high     | 8.6  | 0.0  | 2026-02-03 | eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management ...

Listed by the site as related. Of these only CVE-2025-62600 is a Fast DDS issue (another Fast DDS advisory published the same day with the same 8.6 score); the Linux kernel, libtiff, GStreamer, AWStats and MUNGE entries affect unrelated products.