CVE-2025-10450
Information Exposure in RTI Connext Professional Core Libraries
Publication date: 2025-12-16
Last updated on: 2026-04-01
Assigner: RTI
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rti | connext_professional | From 7.2.0 (inc) to 7.3.1 (exc) |
| rti | connext_professional | From 7.4.0 (inc) to 7.6.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the security updates provided by RTI in their December 2025 security bulletin. This update addresses CVE-2025-10450 and other critical vulnerabilities in RTI Connext products. Ensuring your RTI Connext Professional Core Libraries are updated to versions beyond 7.* (specifically beyond 7.3.1 for affected versions) will help prevent unauthorized access to sensitive instance data. [1]
Can you explain this vulnerability to me?
CVE-2025-10450 is a critical vulnerability in RTI Connext Professional (Core Libraries) that allows unauthorized actors to sniff network traffic and gain access to private personal information. This means attackers can intercept sensitive instance data within Connext applications, compromising confidentiality and security. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to sensitive instance information in RTI Connext applications, potentially exposing private personal data. This compromises the confidentiality and security of your system, increasing the risk of data breaches and unauthorized data disclosure. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized access to sensitive instance information, potentially compromising confidentiality and security. Such exposure of private personal information could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal data against unauthorized access. However, specific compliance impacts are not detailed in the provided resources. [1]