Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
AnalysisAI
XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers to exfiltrate sensitive data and cause denial of service through maliciously crafted XML documents processed by the DDS middleware. Affects versions 4.3x through 7.6.x across all major release branches (4.3x-7.4.0), with vendor patch available but no public exploit identified at time of analysis. CVSS 8.8 (High) reflects network attack vector with high confidentiality and availability impact but no integrity compromise, consistent with typical XXE data exfiltration and resource exhaustion scenarios. SSVC assessment indicates non-automatable exploitation with partial technical impact, suggesting targeted attack scenarios rather than mass exploitation.
Technical ContextAI
RTI Connext Professional is a Data Distribution Service (DDS) middleware implementation used in real-time distributed systems, particularly in industrial control, healthcare devices, autonomous systems, and defense applications. The vulnerability resides in the Core Libraries' XML parsing components. CWE-611 (XML External Entity Reference) occurs when an XML parser is improperly configured to process external entity declarations, allowing attackers to reference external resources via specially crafted DTD declarations. In DDS implementations, XML is commonly used for QoS profiles, type definitions, and configuration files. The CPE (cpe:2.3:a:rti:connext_professional) confirms RTI as the vendor with Connext Professional as the affected product. The vulnerability spans six major version branches (4.3x, 5.3.x, 6.0.x, 6.1.x, 7.0-7.3.x, 7.4-7.6.x), indicating a long-standing architectural issue in XML handling across the product lifecycle. The CVSS 4.0 vector shows no integrity impact (VI:N), suggesting the XXE is primarily exploitable for data exfiltration and availability disruption rather than data manipulation.
RemediationAI
Upgrade to patched versions: Connext Professional 7.7.0 or later for 7.4.x branch deployments, or 7.3.1.1 or later for 7.0.x branch deployments. For older branches (6.1.x, 6.0.x, 5.3.x, and 4.3x-5.2.x series), RTI's version notation '6.1.*', '6.0.*', '5.3.*', and '5.2.*' suggests no direct patches are available for these end-of-life branches, requiring migration to supported 7.x versions. Consult RTI vendor advisory at https://www.rti.com/vulnerabilities/#cve-2025-14543 for version-specific upgrade paths and potential backport patches. If immediate upgrade is not feasible, implement compensating controls: (1) disable XML external entity processing in all XML parsers used by Connext applications by setting parser features to disallow DOCTYPE declarations and external entities (may break applications relying on external entity references in legitimate configuration files); (2) restrict XML input sources to trusted administrators only, eliminating any network-accessible XML configuration endpoints (limits operational flexibility for dynamic QoS reconfiguration); (3) deploy network segmentation to isolate DDS domains from untrusted networks (reduces attack surface but does not eliminate insider threat or supply chain risks). Validate parser hardening by testing with known XXE payloads against non-production systems before deploying to operational environments.
More in Connext Professional
View allRemote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to
Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond int
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Profes
Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a
XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthentic
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext
Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Rec
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209595