Skip to main content

Fast-DDS CVE-2025-65865

HIGH
Integer Overflow or Wraparound (CWE-190)
2025-12-23 cve@mitre.org
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Remote unauthenticated crafted input reaches the RTPS parser (AV:N/AC:L/PR:N/UI:N); impact is availability-only DoS from the integer overflow, so C:N/I:N/A:H and no scope change.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 03:36 vuln.today

DescriptionCVE.org

An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.

AnalysisAI

Remote denial of service in eProsima Fast-DDS v3.3.0 allows unauthenticated network attackers to crash affected processes by sending crafted input that triggers an integer overflow (CWE-190). Fast-DDS is the default DDS middleware in ROS 2, so exploitation can take down robotics and distributed control nodes without any credentials or user interaction. Publicly available exploit code exists (GitHub PoC), though EPSS remains low (0.41%, 33rd percentile) and the CVE is not listed in CISA KEV.

Technical ContextAI

Fast-DDS is eProsima's C++ implementation of the OMG Data Distribution Service (DDS) and the RTPS wire protocol, used for real-time publish/subscribe messaging and shipped as the reference/default middleware (rmw_fastrtps) for ROS 2. The root cause is CWE-190 (Integer Overflow or Wraparound): a length, size, or count value derived from attacker-controlled input is arithmetically manipulated (e.g., multiplied or added) without adequate bounds checking, wrapping around and producing an undersized/incorrect value. This typically leads to a bad allocation, out-of-bounds access, or logic error that terminates the process. Because DDS/RTPS endpoints parse network data from participants over UDP/TCP, malformed messages reach the vulnerable parsing path directly. The affected component is precisely identified by CPE cpe:2.3:a:eprosima:fast_dds:3.3.0.

RemediationAI

No vendor-released patch identified at time of analysis; the only references are the vendor site (http://fast-dds.com) and proof-of-concept material (https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33 and https://github.com/lkloliver/poc/blob/main/Detail.md), with no fixed version enumerated. Monitor the eProsima Fast-DDS GitHub releases and upgrade to a fixed 3.3.x (or later) build as soon as one is published. As compensating controls until then: restrict DDS/RTPS reachability by placing participants on isolated, trusted network segments and firewalling the RTPS discovery/data ports (default UDP 7400+ range) from untrusted sources, which limits the AV:N exposure but breaks cross-segment discovery; enable DDS Security (authentication/access-control plugins) so only authenticated participants can send data to the parser, at the cost of key management and some latency; and add network-layer rate limiting or validation upstream, accepting that malformed packets may still reach the vulnerable path if they pass those checks.

CVE-2024-30259 HIGH POC
7.5 May 14

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Ra

CVE-2024-30258 HIGH POC
7.5 May 14

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Ra

CVE-2024-28231 HIGH POC
7.5 Mar 20

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rate

CVE-2023-42459 HIGH POC
7.5 Oct 16

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). R

CVE-2024-30916 HIGH POC
7.1 Apr 11

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (D

CVE-2025-67108 CRITICAL
10.0 Dec 23

Improper validation of permissions/ticket revocation in eProsima Fast-DDS 3.3.0 allows revoked or no-longer-valid securi

CVE-2025-62799 CRITICAL
9.8 Feb 03

Fast DDS (eProsima) has a heap buffer overflow in its C++ DDS implementation that allows remote attackers to execute cod

CVE-2024-30917 MEDIUM POC
5.5 Apr 11

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (D

CVE-2025-62600 HIGH
8.6 Feb 03

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ).

CVE-2025-62599 HIGH
8.6 Feb 03

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ).

CVE-2025-62603 HIGH
7.5 Feb 03

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ).

CVE-2025-64438 HIGH
7.5 Feb 03

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ).

Share

CVE-2025-65865 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy