Connext Professional
Monthly
Out-of-bounds write conditions in RTI Connext Professional affect three distinct components - Queueing Service, Core Libraries, and Persistence Service - enabling a locally authenticated low-privileged user to corrupt memory and produce limited integrity and availability impacts on the vulnerable system. The vulnerability spans multiple release branches (6.1.x, 7.0.x-7.3.x, and 7.4.x-7.6.x) and is resolved in versions 7.7.0 and 7.3.1.3 per vendor guidance. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA Known Exploited Vulnerabilities catalog.
Identity spoofing via missing authentication in RTI Connext Professional's Security Plugins component enables a low-privileged network attacker to impersonate legitimate DDS participants, achieving high integrity and availability impact against affected deployments. Versions spanning five major release lines - 5.3.x through 7.6.x - are affected, with the fix landing at 7.7.0 for the 7.4 branch. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high integrity and availability impacts on a middleware widely used in defense, aerospace, and industrial control systems elevate practical risk above what the moderate CVSS score alone suggests.
Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a classic buffer overflow (CWE-120) reachable over the network without authentication. Versions 7.4.0 before 7.x, 7.0.0 before 7.3.1.3, and 6.1.2 before 6.1.x are vulnerable, and no public exploit identified at time of analysis. The CVSS 4.0 score of 8.8 reflects high availability impact with low confidentiality and integrity impact, consistent with a filter-failure overflow that crashes the service rather than yielding full code execution.
Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond intended buffer bounds, with the CVSS 4.0 vector (9.2 Critical) indicating high availability impact on both the vulnerable component and downstream systems consuming its data. The flaw affects a wide range of Connext Professional releases used as DDS middleware in defense, autonomous, and industrial deployments. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
RTI Connext Professional's Security Plugins component allows authenticated network participants to spoof the source identity of DDS (Data Distribution Service) messages due to missing authentication on a critical data-origin verification function (CWE-306). The flaw affects versions spanning 5.3.x through 7.6.x, with a patched release available at 7.7.0 and 7.3.1.3 for the respective branches. An attacker with low-privilege access to the DDS network can falsify the apparent publisher identity of data streams, directly undermining data integrity in safety-critical deployments such as autonomous systems, industrial control, and defense applications where Connext is widely used. No public exploit code has been identified at time of analysis, and it is not listed in the CISA KEV catalog.
Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to corrupt heap memory in the DDS middleware, impacting integrity and availability of both the vulnerable component and downstream subsystems. The flaw spans a wide range of long-supported branches (5.0.x through 7.6.x) and carries a CVSS 4.0 score of 9.2, though no public exploit identified at time of analysis.
XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers to exfiltrate sensitive data and cause denial of service through maliciously crafted XML documents processed by the DDS middleware. Affects versions 4.3x through 7.6.x across all major release branches (4.3x-7.4.0), with vendor patch available but no public exploit identified at time of analysis. CVSS 8.8 (High) reflects network attack vector with high confidentiality and availability impact but no integrity compromise, consistent with typical XXE data exfiltration and resource exhaustion scenarios. SSVC assessment indicates non-automatable exploitation with partial technical impact, suggesting targeted attack scenarios rather than mass exploitation.
XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthenticated attackers to exfiltrate sensitive data and trigger denial of service conditions. Affects multiple product families (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) across versions 5.3.0 through 7.6.x. CVSS 8.8 (High) with network vector and no authentication required. EPSS probability remains low (0.04%, 11th percentile) with no confirmed active exploitation per CISA. Vendor patch available via RTI advisory.
Buffer over-read vulnerability in RTI Connext Professional Core Libraries allows unauthenticated remote attackers to read beyond allocated buffer boundaries, potentially leaking sensitive data. Affected versions span multiple major release lines: 7.4.0-7.6.x, 7.0.0-7.3.0.x, 6.1.0-6.1.x, 6.0.0-6.0.x, 5.3.0-5.3.x, and 4.3x-5.2.x. The CVSS 6.3 score reflects low confidentiality impact with network-based attack surface; no public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to unauthorized remote actors with low attack complexity. The vulnerability allows confidentiality breach (high impact) with limited integrity and availability impacts, affecting distributed data-sharing middleware used in critical infrastructure and industrial systems. EPSS exploitation probability is minimal (0.05%, 15th percentile) with no confirmed active exploitation or public exploit code identified at time of analysis.
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.5.0 before 7.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.4.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.0.0 before 7.3.0.2, from 6.1.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.0.0 before. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.0.0 before 7.3.0.5, from 6.1.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service,. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.0.0 before 7.3.0.2,. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.0.0 before 7.3.0, from 6.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds write conditions in RTI Connext Professional affect three distinct components - Queueing Service, Core Libraries, and Persistence Service - enabling a locally authenticated low-privileged user to corrupt memory and produce limited integrity and availability impacts on the vulnerable system. The vulnerability spans multiple release branches (6.1.x, 7.0.x-7.3.x, and 7.4.x-7.6.x) and is resolved in versions 7.7.0 and 7.3.1.3 per vendor guidance. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA Known Exploited Vulnerabilities catalog.
Identity spoofing via missing authentication in RTI Connext Professional's Security Plugins component enables a low-privileged network attacker to impersonate legitimate DDS participants, achieving high integrity and availability impact against affected deployments. Versions spanning five major release lines - 5.3.x through 7.6.x - are affected, with the fix landing at 7.7.0 for the 7.4 branch. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high integrity and availability impacts on a middleware widely used in defense, aerospace, and industrial control systems elevate practical risk above what the moderate CVSS score alone suggests.
Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a classic buffer overflow (CWE-120) reachable over the network without authentication. Versions 7.4.0 before 7.x, 7.0.0 before 7.3.1.3, and 6.1.2 before 6.1.x are vulnerable, and no public exploit identified at time of analysis. The CVSS 4.0 score of 8.8 reflects high availability impact with low confidentiality and integrity impact, consistent with a filter-failure overflow that crashes the service rather than yielding full code execution.
Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond intended buffer bounds, with the CVSS 4.0 vector (9.2 Critical) indicating high availability impact on both the vulnerable component and downstream systems consuming its data. The flaw affects a wide range of Connext Professional releases used as DDS middleware in defense, autonomous, and industrial deployments. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
RTI Connext Professional's Security Plugins component allows authenticated network participants to spoof the source identity of DDS (Data Distribution Service) messages due to missing authentication on a critical data-origin verification function (CWE-306). The flaw affects versions spanning 5.3.x through 7.6.x, with a patched release available at 7.7.0 and 7.3.1.3 for the respective branches. An attacker with low-privilege access to the DDS network can falsify the apparent publisher identity of data streams, directly undermining data integrity in safety-critical deployments such as autonomous systems, industrial control, and defense applications where Connext is widely used. No public exploit code has been identified at time of analysis, and it is not listed in the CISA KEV catalog.
Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to corrupt heap memory in the DDS middleware, impacting integrity and availability of both the vulnerable component and downstream subsystems. The flaw spans a wide range of long-supported branches (5.0.x through 7.6.x) and carries a CVSS 4.0 score of 9.2, though no public exploit identified at time of analysis.
XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers to exfiltrate sensitive data and cause denial of service through maliciously crafted XML documents processed by the DDS middleware. Affects versions 4.3x through 7.6.x across all major release branches (4.3x-7.4.0), with vendor patch available but no public exploit identified at time of analysis. CVSS 8.8 (High) reflects network attack vector with high confidentiality and availability impact but no integrity compromise, consistent with typical XXE data exfiltration and resource exhaustion scenarios. SSVC assessment indicates non-automatable exploitation with partial technical impact, suggesting targeted attack scenarios rather than mass exploitation.
XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthenticated attackers to exfiltrate sensitive data and trigger denial of service conditions. Affects multiple product families (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) across versions 5.3.0 through 7.6.x. CVSS 8.8 (High) with network vector and no authentication required. EPSS probability remains low (0.04%, 11th percentile) with no confirmed active exploitation per CISA. Vendor patch available via RTI advisory.
Buffer over-read vulnerability in RTI Connext Professional Core Libraries allows unauthenticated remote attackers to read beyond allocated buffer boundaries, potentially leaking sensitive data. Affected versions span multiple major release lines: 7.4.0-7.6.x, 7.0.0-7.3.0.x, 6.1.0-6.1.x, 6.0.0-6.0.x, 5.3.0-5.3.x, and 4.3x-5.2.x. The CVSS 6.3 score reflects low confidentiality impact with network-based attack surface; no public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to unauthorized remote actors with low attack complexity. The vulnerability allows confidentiality breach (high impact) with limited integrity and availability impacts, affecting distributed data-sharing middleware used in critical infrastructure and industrial systems. EPSS exploitation probability is minimal (0.05%, 15th percentile) with no confirmed active exploitation or public exploit code identified at time of analysis.
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.5.0 before 7.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.4.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.0.0 before 7.3.0.2, from 6.1.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.0.0 before. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.0.0 before 7.3.0.5, from 6.1.0. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service,. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.0.0 before 7.3.0.2,. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.0.0 before 7.3.0, from 6.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.