Fast-DDS
CVE-2025-65865
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remote unauthenticated crafted input reaches the RTPS parser (AV:N/AC:L/PR:N/UI:N); impact is availability-only DoS from the integer overflow, so C:N/I:N/A:H and no scope change.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.
AnalysisAI
Remote denial of service in eProsima Fast-DDS v3.3.0 allows unauthenticated network attackers to crash affected processes by sending crafted input that triggers an integer overflow (CWE-190). Fast-DDS is the default DDS middleware in ROS 2, so exploitation can take down robotics and distributed control nodes without any credentials or user interaction. Publicly available exploit code exists (GitHub PoC), though EPSS remains low (0.41%, 33rd percentile) and the CVE is not listed in CISA KEV.
Technical ContextAI
Fast-DDS is eProsima's C++ implementation of the OMG Data Distribution Service (DDS) and the RTPS wire protocol, used for real-time publish/subscribe messaging and shipped as the reference/default middleware (rmw_fastrtps) for ROS 2. The root cause is CWE-190 (Integer Overflow or Wraparound): a length, size, or count value derived from attacker-controlled input is arithmetically manipulated (e.g., multiplied or added) without adequate bounds checking, wrapping around and producing an undersized/incorrect value. This typically leads to a bad allocation, out-of-bounds access, or logic error that terminates the process. Because DDS/RTPS endpoints parse network data from participants over UDP/TCP, malformed messages reach the vulnerable parsing path directly. The affected component is precisely identified by CPE cpe:2.3:a:eprosima:fast_dds:3.3.0.
RemediationAI
No vendor-released patch identified at time of analysis; the only references are the vendor site (http://fast-dds.com) and proof-of-concept material (https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33 and https://github.com/lkloliver/poc/blob/main/Detail.md), with no fixed version enumerated. Monitor the eProsima Fast-DDS GitHub releases and upgrade to a fixed 3.3.x (or later) build as soon as one is published. As compensating controls until then: restrict DDS/RTPS reachability by placing participants on isolated, trusted network segments and firewalling the RTPS discovery/data ports (default UDP 7400+ range) from untrusted sources, which limits the AV:N exposure but breaks cross-segment discovery; enable DDS Security (authentication/access-control plugins) so only authenticated participants can send data to the parser, at the cost of key management and some latency; and add network-layer rate limiting or validation upstream, accepting that malformed packets may still reach the vulnerable path if they pass those checks.
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Ra
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Ra
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rate
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). R
An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (D
Improper validation of permissions/ticket revocation in eProsima Fast-DDS 3.3.0 allows revoked or no-longer-valid securi
Fast DDS (eProsima) has a heap buffer overflow in its C++ DDS implementation that allows remote attackers to execute cod
An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (D
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ).
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ).
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ).
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ).
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today