CVE-2025-67111
Integer Overflow in OpenDDS RTPS Causes Denial of Service
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opendds | opendds | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67111 is an integer overflow vulnerability in the RTPS protocol implementation of OpenDDS versions before 3.33.0. It occurs due to an integer underflow when processing DATA-FRAG submessages. Specifically, if the parsed byte count exceeds the expected length, a negative value is cast to an unsigned type, resulting in a very large number. Attackers can craft DATA-FRAG submessages with smaller declared lengths but embed large amounts of data, causing this underflow. This leads to invalid memory access and program crashes. [1]
How can this vulnerability impact me? :
This vulnerability can be exploited by attackers to cause a Denial of Service (DoS) by crashing the OpenDDS application through invalid memory access triggered by crafted messages. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or segmentation faults in OpenDDS processes handling RTPS protocol messages, especially when processing DATA-FRAG submessages. Detection may involve capturing and analyzing RTPS traffic for malformed DATA-FRAG submessages with inconsistent length fields. While no specific commands are provided, using packet capture tools like tcpdump or Wireshark to filter RTPS traffic and inspecting for suspicious DATA-FRAG submessages could help. Additionally, running the proof-of-concept code available at https://github.com/lkloliver/poc/tree/main/CVE-2025-67111 may assist in testing detection. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade OpenDDS to version 3.33.0 or later, where this integer overflow vulnerability in the RTPS protocol implementation has been fixed. Until the upgrade can be applied, consider restricting or filtering RTPS traffic from untrusted sources to reduce exposure to crafted DATA-FRAG submessages that exploit this flaw. [1]