Skip to main content

Connext Professional CVE-2025-14543

| EUVDEUVD-2025-209595 HIGH
Improper Restriction of XML External Entity Reference (CWE-611)
2026-04-30 RTI
8.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch released
May 04, 2026 - 13:02 nvd
Patch available
Analysis Generated
Apr 30, 2026 - 18:16 vuln.today
Patch available
Apr 30, 2026 - 17:02 EUVD
CVSS changed
Apr 30, 2026 - 16:22 NVD
8.8 (HIGH)
EUVD ID Assigned
Apr 30, 2026 - 15:45 euvd
EUVD-2025-209595
Analysis Generated
Apr 30, 2026 - 15:45 vuln.today
CVE Published
Apr 30, 2026 - 15:25 nvd
HIGH 8.8

DescriptionCVE.org

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.

AnalysisAI

XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers to exfiltrate sensitive data and cause denial of service through maliciously crafted XML documents processed by the DDS middleware. Affects versions 4.3x through 7.6.x across all major release branches (4.3x-7.4.0), with vendor patch available but no public exploit identified at time of analysis. CVSS 8.8 (High) reflects network attack vector with high confidentiality and availability impact but no integrity compromise, consistent with typical XXE data exfiltration and resource exhaustion scenarios. SSVC assessment indicates non-automatable exploitation with partial technical impact, suggesting targeted attack scenarios rather than mass exploitation.

Technical ContextAI

RTI Connext Professional is a Data Distribution Service (DDS) middleware implementation used in real-time distributed systems, particularly in industrial control, healthcare devices, autonomous systems, and defense applications. The vulnerability resides in the Core Libraries' XML parsing components. CWE-611 (XML External Entity Reference) occurs when an XML parser is improperly configured to process external entity declarations, allowing attackers to reference external resources via specially crafted DTD declarations. In DDS implementations, XML is commonly used for QoS profiles, type definitions, and configuration files. The CPE (cpe:2.3:a:rti:connext_professional) confirms RTI as the vendor with Connext Professional as the affected product. The vulnerability spans six major version branches (4.3x, 5.3.x, 6.0.x, 6.1.x, 7.0-7.3.x, 7.4-7.6.x), indicating a long-standing architectural issue in XML handling across the product lifecycle. The CVSS 4.0 vector shows no integrity impact (VI:N), suggesting the XXE is primarily exploitable for data exfiltration and availability disruption rather than data manipulation.

RemediationAI

Upgrade to patched versions: Connext Professional 7.7.0 or later for 7.4.x branch deployments, or 7.3.1.1 or later for 7.0.x branch deployments. For older branches (6.1.x, 6.0.x, 5.3.x, and 4.3x-5.2.x series), RTI's version notation '6.1.*', '6.0.*', '5.3.*', and '5.2.*' suggests no direct patches are available for these end-of-life branches, requiring migration to supported 7.x versions. Consult RTI vendor advisory at https://www.rti.com/vulnerabilities/#cve-2025-14543 for version-specific upgrade paths and potential backport patches. If immediate upgrade is not feasible, implement compensating controls: (1) disable XML external entity processing in all XML parsers used by Connext applications by setting parser features to disallow DOCTYPE declarations and external entities (may break applications relying on external entity references in legitimate configuration files); (2) restrict XML input sources to trusted administrators only, eliminating any network-accessible XML configuration endpoints (limits operational flexibility for dynamic QoS reconfiguration); (3) deploy network segmentation to isolate DDS domains from untrusted networks (reduces attack surface but does not eliminate insider threat or supply chain risks). Validate parser hardening by testing with known XXE payloads against non-production systems before deploying to operational environments.

CVE-2026-2467 CRITICAL
9.2 Jun 17

Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to

CVE-2026-3894 CRITICAL
9.2 Jun 17

Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond int

CVE-2024-52057 CRITICAL
9.1 Dec 13

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Profes

CVE-2026-7300 HIGH
8.8 Jun 17

Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a

CVE-2026-4374 HIGH
8.8 Apr 01

XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthentic

CVE-2024-52058 HIGH
8.6 Dec 13

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext

CVE-2025-10450 HIGH
8.3 Dec 16

Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to

CVE-2024-52066 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin

CVE-2024-52063 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L

CVE-2024-52061 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L

CVE-2024-52060 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin

CVE-2024-25724 HIGH
7.3 May 21

In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Rec

Share

CVE-2025-14543 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy