CVE-2025-62600
Unknown Unknown - Not Provided
Integer Overflow in Fast DDS DATA Submessage Causes Remote OOM

Publication date: 2026-02-03

Last updated on: 2026-04-14

Assigner: GitHub, Inc.

Description
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage β€” specifically by tampering with the length field in readBinaryPropertySeqβ€” are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62600
EUVD
EUVD-2025-206677
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
eprosima fast_dds to 2.6.11 (exc)
eprosima fast_dds From 3.0.0 (inc) to 3.3.1 (exc)
eprosima fast_dds 3.4.0
debian debian_linux 11.0
debian debian_linux 12.0
debian debian_linux 13.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

I don't know

Executive Summary

This vulnerability affects Fast DDS, a C++ implementation of the DDS standard. When security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher can cause an Out-Of-Memory (OOM) condition. Specifically, tampering with the length field in the PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN fields of the DATA Submessage leads to an integer overflow. This overflow causes the system to allocate excessive memory during a resize operation, resulting in the remote termination of Fast DDS.

The issue was fixed in Fast DDS versions 3.4.1, 3.3.1, and 2.6.11.

Impact Analysis

Exploiting this vulnerability can cause Fast DDS to run out of memory and crash remotely. This leads to a denial of service condition where the affected system or application using Fast DDS may terminate unexpectedly, disrupting communication and data distribution services.

Mitigation Strategies

To mitigate this vulnerability, upgrade Fast DDS to version 3.4.1 or later, where the issue has been fixed.

If upgrading immediately is not possible, consider disabling the security mode or avoiding modification of the DATA Submessage within SPDP packets, especially the PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN fields, to prevent triggering the out-of-memory condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62600. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart