CVE-2025-65865
Unknown Unknown - Not Provided
Integer Overflow in eProsima Fast-DDS v3.3 Causes DoS

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: MITRE

Description
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65865
EUVD
EUVD-2025-204858
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eprosima fast-dds 3.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-65865 is an integer overflow vulnerability in eProsima Fast-DDS version 3.3. It occurs in the processing of the DataFrag sub-message within the RTPS protocol, specifically in the proc_Submsg_DataFrag function. When the submessageLength is smaller than the sum of octetsToInlineQos and inlineQosSize, an integer underflow causes the payload_size to wrap around to a very large value. This leads to out-of-bounds memory access during a memcpy operation, which can cause a segmentation fault or allow arbitrary memory reads. Exploiting this requires knowledge of the target system’s GUID and entityId and the ability to send crafted malicious RTPS packets via UDP. [1]

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) by crashing the application through a segmentation fault. Additionally, it may allow an attacker to perform arbitrary memory reads, potentially exposing sensitive information or enabling further exploitation of the system. [1]

Detection Guidance

This vulnerability can be detected by monitoring for crafted malicious RTPS packets sent via UDP that exploit the integer overflow in the DataFrag sub-message processing. Detection involves capturing and analyzing UDP traffic for suspicious RTPS packets targeting eProsima Fast-DDS version 3.3, especially those manipulating the submessageLength, octetsToInlineQos, and inlineQosSize fields. Network packet capture tools like tcpdump or Wireshark can be used. For example, a command to capture UDP packets on the RTPS default port (usually 7400) could be: tcpdump -i <interface> udp port 7400 -w capture.pcap. Then, analyze the capture for abnormal DataFrag sub-messages. Additionally, monitoring application logs for crashes or segmentation faults related to Fast-DDS may indicate exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting or filtering incoming UDP traffic on the RTPS port (commonly 7400) to only trusted sources to prevent attackers from sending crafted malicious packets. Applying network-level controls such as firewalls or access control lists to block unauthorized RTPS packets is recommended. Additionally, monitoring for crashes or unusual behavior in eProsima Fast-DDS and applying any available patches or updates from the vendor once released is critical. If possible, temporarily disabling or isolating vulnerable Fast-DDS instances until a fix is applied can reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65865. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart