CVE-2025-67109
Unknown Unknown - Not Provided
Certificate Verification Bypass in Eclipse Cyclone DDS Enables Privilege Escalation

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: MITRE

Description
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67109
EUVD
EUVD-2025-204853
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eclipse cyclone_dds *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-298 A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67109 is a vulnerability in Eclipse Cyclone DDS versions before 0.10.5 where the software improperly verifies the expiration time of certificates. It relies on the system's wall clock time, which can be manipulated by attackers, instead of a trusted time source. This allows attackers to bypass certificate expiration checks by making expired certificates appear valid or future certificates appear current, leading to a failure in identity authentication and access control. [3]

Compliance Impact

The vulnerability allows attackers to bypass certificate expiration checks and execute commands with System privileges due to improper verification of certificate time. This failure in identity authentication and access control could lead to unauthorized access and potential data breaches, which may result in non-compliance with standards and regulations such as GDPR and HIPAA that require strict access controls and protection of sensitive data. [3]

Impact Analysis

This vulnerability can allow attackers to bypass certificate checks and execute commands with System privileges on affected systems. Because the certificate expiration verification can be manipulated, unauthorized users may gain elevated access, potentially compromising system integrity, confidentiality, and availability. [3]

Detection Guidance

Detection of this vulnerability involves checking if your Eclipse Cyclone DDS version is prior to 0.10.5 and monitoring for suspicious system time changes that could affect certificate validation. Since the vulnerability exploits manipulation of system time (CLOCK_REALTIME) to bypass certificate expiration checks, you can detect anomalies by auditing system time changes and verifying the version of Cyclone DDS installed. Commands to check system time changes include 'timedatectl status' and reviewing system logs (e.g., 'journalctl | grep time'). To check the Cyclone DDS version, use the package manager or inspect the installed binaries. However, no specific detection commands for the vulnerability itself are provided in the resources. [3]

Mitigation Strategies

The immediate mitigation step is to upgrade Eclipse Cyclone DDS to version 0.10.5 or later, where the improper verification of the time certificate has been fixed. Additionally, securing the system time source to prevent unauthorized changes (e.g., restricting permissions to change system time, using trusted time synchronization services) can help mitigate exploitation. Monitoring and alerting on system time changes may also reduce risk. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67109. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart