CVE-2025-65865
Integer Overflow in eProsima Fast-DDS v3.3 Causes DoS
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eprosima | fast-dds | 3.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-65865 is an integer overflow vulnerability in eProsima Fast-DDS version 3.3. It occurs in the processing of the DataFrag sub-message within the RTPS protocol, specifically in the proc_Submsg_DataFrag function. When the submessageLength is smaller than the sum of octetsToInlineQos and inlineQosSize, an integer underflow causes the payload_size to wrap around to a very large value. This leads to out-of-bounds memory access during a memcpy operation, which can cause a segmentation fault or allow arbitrary memory reads. Exploiting this requires knowledge of the target systemβs GUID and entityId and the ability to send crafted malicious RTPS packets via UDP. [1]
How can this vulnerability impact me? :
This vulnerability can cause a Denial of Service (DoS) by crashing the application through a segmentation fault. Additionally, it may allow an attacker to perform arbitrary memory reads, potentially exposing sensitive information or enabling further exploitation of the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crafted malicious RTPS packets sent via UDP that exploit the integer overflow in the DataFrag sub-message processing. Detection involves capturing and analyzing UDP traffic for suspicious RTPS packets targeting eProsima Fast-DDS version 3.3, especially those manipulating the submessageLength, octetsToInlineQos, and inlineQosSize fields. Network packet capture tools like tcpdump or Wireshark can be used. For example, a command to capture UDP packets on the RTPS default port (usually 7400) could be: tcpdump -i <interface> udp port 7400 -w capture.pcap. Then, analyze the capture for abnormal DataFrag sub-messages. Additionally, monitoring application logs for crashes or segmentation faults related to Fast-DDS may indicate exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or filtering incoming UDP traffic on the RTPS port (commonly 7400) to only trusted sources to prevent attackers from sending crafted malicious packets. Applying network-level controls such as firewalls or access control lists to block unauthorized RTPS packets is recommended. Additionally, monitoring for crashes or unusual behavior in eProsima Fast-DDS and applying any available patches or updates from the vendor once released is critical. If possible, temporarily disabling or isolating vulnerable Fast-DDS instances until a fix is applied can reduce risk. [1]