CVE-2025-62601
Unknown Unknown - Not Provided
Heap Buffer Overflow in Fast DDS SPDP Packet Causes Remote Crash

Publication date: 2026-02-03

Last updated on: 2026-02-18

Assigner: GitHub, Inc.

Description
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage β€” specifically by tampering with the `str_size` value read by `readString` (called from `readBinaryProperty`) β€” are modified, a 32-bit integer overflow can occur, causing `std::vector::resize` to use an attacker-controlled size and quickly trigger heap buffer overflow and remote process term ination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62601
EUVD
EUVD-2025-206631
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
eprosima fast_dds to 2.6.11 (exc)
eprosima fast_dds From 3.0.0 (inc) to 3.3.1 (exc)
eprosima fast_dds 3.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Fast DDS, a C++ implementation of the Data Distribution Service (DDS) standard. When security mode is enabled, an attacker can modify the DATA Submessage within an SPDP packet sent by a publisher. Specifically, tampering with the fields PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN by altering the str_size value causes a 32-bit integer overflow. This overflow leads to std::vector::resize using an attacker-controlled size, which triggers a heap buffer overflow and results in remote termination of the Fast DDS process.

The issue affects versions prior to 3.4.1, 3.3.1, and 2.6.11, which have been patched to fix this problem.

Impact Analysis

This vulnerability can lead to remote termination of the Fast DDS process, effectively causing a denial of service. An attacker who exploits this flaw can crash the application remotely by sending specially crafted packets, potentially disrupting communication and data distribution services that rely on Fast DDS.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Fast DDS to version 3.4.1 or later, where the issue has been fixed.

Avoid using vulnerable versions such as 2.1.0+ds-9+deb11u1, 2.9.1+ds-1+deb12u2, 3.1.2+ds-1, and 3.3.0+ds-3 until patched versions are available.

Detection Guidance

This vulnerability involves a heap buffer overflow triggered by tampering with specific fields in the DATA Submessage of SPDP packets sent by Fast DDS publishers when security mode is enabled.

To detect this vulnerability on your network or system, you can monitor network traffic for SPDP packets containing modified DATA Submessages, especially those with suspicious or malformed PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN fields.

Since the vulnerability is specific to Fast DDS versions prior to 3.4.1, 3.3.1, and 2.6.11, checking the installed Fast DDS version on your system is a primary step.

  • Check Fast DDS version installed: fastdds --version
  • Capture and analyze network traffic for SPDP packets (which use UDP multicast on port 7400 by default): sudo tcpdump -i <interface> udp port 7400 -w spdp_capture.pcap
  • Analyze captured packets with Wireshark or tshark to inspect DATA Submessages for anomalies in PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN fields.
  • Monitor Fast DDS process crashes or unexpected terminations which may indicate exploitation attempts.

Note that no specific detection commands or signatures are provided in the available resources, so detection relies on version checking, network traffic inspection, and monitoring for crashes.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62601. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart