How to fix CVE-2025-62799?

Within 24 hours: Identify all systems running Fast DDS versions prior to 3.4.1, 3.3.1, or 2.6.11 and isolate them from production networks if possible; notify application owners and security teams. Within 7 days: Test and deploy available patches (3.4.1, 3.3.1, or 2.6.11) to development/staging environments; prioritize systems exposed to untrusted networks. Within 30 days: Complete patching of all production systems; validate patch deployment and monitor systems for exploitation signs.

Is Memory Corruption affected by CVE-2025-62799?

A critical heap buffer overflow vulnerability in Fast DDS (CVE-2025-62799, CVSS 9.8) could allow remote attackers to execute arbitrary code on systems running affected versions prior to 3.4.1, 3.3.1, or 2.6.11.

CVE-2025-62799

CRITICAL

2026-02-03 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch Released

Feb 18, 2026 - 16:11 nvd

Patch available

CVE Published

Feb 03, 2026 - 20:15 nvd

CRITICAL 9.8

Description

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An un authenticated sender can transmit a single malformed RTPS DATA_FRAG packet where `fragmentSize` and `sampleSize` are craft ed to violate internal assumptions. Due to a 4-byte alignment step during fragment metadata initialization, the code write s past the end of the allocated payload buffer, causing immediate crash (DoS) and potentially enabling memory corruption ( RCE risk). Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.

Analysis

Fast DDS (eProsima) has a heap buffer overflow in its C++ DDS implementation that allows remote attackers to execute code through crafted DDS protocol messages.

Technical Context

Fast DDS, a C++ implementation of the Data Distribution Service (DDS) standard, has a CWE-122 heap buffer overflow in protocol message parsing. DDS is used in robotics, autonomous vehicles, and industrial systems.

Affected Products

['eProsima Fast DDS (before patch)']

Remediation

Update Fast DDS. Segment DDS networks from untrusted access.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: 0

CVE-2025-62799 vulnerability details – vuln.today

Back

CVE-2025-62799

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-62799

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code