RTI Connext Professional vulnerabilities
32 known vulnerabilities affecting rti/connext_professional.
Total CVEs: 32
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 18, MEDIUM 4
Vulnerabilities
Page 1 of 2
CVE-2024-52057 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | ≥ 5.2.0, < 6.1.2.17; ≥ 7.0.0, < 7.3.0 | 2024-12-13
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection. This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*.
nvd
CVE-2024-52061 | P3 | CRITICAL | CVSS 9.8 | CWE-120 | ≥ 5.0.0, < 5.3.1.45; ≥ 6.0.0, < 6.0.1.40; +3 more | 2024-12-13
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0
nvd
CVE-2021-38487 | P3 | CRITICAL | CVSS 9.1 | CWE-406 | ≥ 4.2, < 6.1.0; ≥ 4.1, < 6.1.0 | 2022-05-05
RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.
nvd
CVE-2025-4993 | P3 | CRITICAL | CVSS 9.1 | CWE-822 | ≥ 4.4a, < 6.1.2.27; ≥ 7.0.0, < 7.3.0.10; +5 more | 2025-09-23
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
nvd
CVE-2025-14543 | P3 | CRITICAL | CVSS 9.1 | CWE-611 | ≥ 4.3.0, ≤ 5.2.3; ≥ 5.3.0, ≤ 5.3.1.45; +8 more | 2026-04-30
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
nvd
CVE-2025-1255 | P3 | CRITICAL | CVSS 9.1 | CWE-822 | ≥ 7.2.0, < 7.3.0.9; ≥ 7.4.0, < 7.6.0 | 2025-09-23
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.
nvd
CVE-2026-4374 | P3 | CRITICAL | CVSS 9.1 | CWE-611 | ≥ 5.3.0, ≤ 5.3.1.45; ≥ 6.0.0, ≤ 6.0.1.40; +7 more | 2026-04-01
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...
nvd
CVE-2024-52063 | P3 | HIGH | CVSS 8.6 | CWE-120 | ≥ 4.4, < 5.3.1.45; ≥ 6.0.0, < 6.0.1.40; +2 more | 2024-12-13
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
nvd
CVE-2021-38435 | P3 | CRITICAL | CVSS 9.8 | CWE-131 | ≥ 4.2, < 6.1.0 | 2022-05-05
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 do not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.
nvd
CVE-2024-52058 | P3 | HIGH | CVSS 7.8 | CWE-78 | ≥ 6.1.0, < 6.1.2.19; ≥ 7.0.0, < 7.3.0.2 | 2024-12-13
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection. This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19.
nvd
CVE-2025-10450 | P3 | HIGH | CVSS 7.5 | CWE-359 | ≥ 7.2.0, < 7.3.1; ≥ 7.4.0, ≤ 7.6.0; +1 more | 2025-12-16
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1.
nvd
CVE-2025-1253 | P3 | HIGH | CVSS 7.8 | CWE-120 | ≥ 4.5c, ≤ 5.2.3; ≥ 5.3.0, ≤ 5.3.1.45; +7 more | 2025-05-08
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 be
nvd
CVE-2025-8410 | P3 | HIGH | CVSS 7.4 | CWE-416 | ≥ 7.5.0, < 7.6.0 | 2025-09-23
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation. This issue affects Connext Professional: from 7.5.0 before 7.6.0.
nvd
CVE-2024-52059 | P3 | HIGH | CVSS 7.8 | CWE-120 | ≥ 6.1.0, < 6.1.2.17; ≥ 7.0.0, < 7.3.0.2 | 2024-12-13
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17.
nvd
CVE-2025-1254 | P3 | HIGH | CVSS 7.4 | CWE-125 | ≥ 6.0.0, ≤ 6.0.1.40; ≥ 6.1.0, < 6.1.2.23; +3 more | 2025-05-08
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.
nvd
CVE-2024-52060 | P3 | HIGH | CVSS 7.8 | CWE-120 | ≥ 5.3.0, < 5.3.1.45; ≥ 6.0.0, < 6.0.1.40; +2 more | 2024-12-13
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables. This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 b
nvd
CVE-2021-38427 | P3 | HIGH | CVSS 7.8 | CWE-121 | ≥ 4.2.0, ≤ 6.1.0 | 2022-05-05
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.
nvd
CVE-2021-38433 | P3 | HIGH | CVSS 7.8 | CWE-121 | ≥ 4.2, < 6.1.0 | 2022-05-05
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.
nvd
CVE-2024-52066 | P3 | HIGH | CVSS 7.8 | CWE-120 | ≥ 6.0.0, < 6.0.1.40; ≥ 6.1.0, < 6.1.2.21; +2 more | 2024-12-13
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40.
nvd
CVE-2024-25724 | P3 | HIGH | CVSS 7.3 | CWE-120 | ≥ 5.3.0, < 5.3.1.44; ≥ 6.0.0, < 6.0.1.35; +1 more | 2024-05-21
In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks
nvd