CVE-2025-62603

CWE-125Out-of-bounds Read5 documents5 sources
Severity
1.7LOW
EPSS
0.0%
top 87.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Eprosima Fast-ddsEprosima Fast DDSDebian Debian Linux
Timeline
PublishedFeb 3

Description

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also on going security-control traffic after the handshake, such as crypto-token exchange, rekeying, re-authentication, and token delivery for newly appearing endpoints. On receive, the CDR parser is invoked first and deserializes the `message_data` (i .e., the `DataH

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5eprosima/fast-dds3.4.03.4.1+2
NVDeprosima/fast_dds3.0.03.3.1+2

Also affects: Debian Linux 11.0, 12.0, 13.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
CVEList
FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled2026-02-03
OSV
CVE-2025-62603: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group )2026-02-03

📋Vendor Advisories

1
Debian
CVE-2025-62603: fastdds - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-62603 Impact, Exploitability, and Mitigation Steps | Wiz