CRITICAL🇵🇱 Wersja polska

CVE-2025-67108

CVSS 10.0v3.1pub. 2025-12-23upd. 2026-07-05

eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.

🤖 AI Analysis
How it works

An error in the ticket/certificate revocation validation mechanism (CWE-298: Improper Validation of Certificate with Host Mismatch, CWE-370: Missing or Incorrect Error Handling for Certificate Revocation) causes revoked permissions or access tokens to not be properly verified. As a result, connections that should be rejected as invalid are accepted by DDS communication nodes. The vulnerability is located in the access control module (Permissions.cpp) of the Fast-DDS library. A remote attacker, without authentication and without user interaction, can exploit this flaw to establish unauthorized connections.

Impact

An attacker can establish unauthorized, unsecured connections to systems using Fast-DDS, gaining access to sensitive data transmitted over the DDS network and compromising the integrity of communication between system nodes.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. It is recommended to monitor the official eProsima Fast-DDS repository and vendor pages (eprosima.com, fast-dds.com) for current patch information. Until the patch is applied, consider restricting network access to DDS nodes and implementing network segmentation.

Who is affected

eProsima Fast-DDS v3.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Eprosima Fast Dds

    APP
    Eprosima
    3.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-28231CRITICAL9.6PL ✓ten sam produkt

Heap buffer overflow w eprosima Fast DDS via manipulowany DATA Submessage

CVE-2023-50716CRITICAL9.6PL ✓ten sam produkt

eProsima Fast DDS — use-after-free przez nieprawidłowy pakiet DATA_FRAG

CVE-2023-50257CRITICAL9.6PL ✓ten sam produkt

eProsima Fast DDS — podatność rozłączenia subskrybentów RTPS w SROS2

CVE-2025-62599HIGH8.6ten sam produkt

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object M...

CVE-2025-62600HIGH8.6ten sam produkt

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object M...