CVE-2025-62603
Out-of-Memory Vulnerability in Fast DDS ParticipantGenericMessage Parsing

Publication date: 2026-02-03

Last updated on: 2026-02-18

Assigner: GitHub, Inc.

Description
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as crypto-token exchange, rekeying, re-authentication, and token delivery for newly appearing endpoints.

On receive, the CDR parser is invoked first and deserializes the `message_data` (i.e., the `DataHolderSeq`) via the `readParticipantGenericMessage → readDataHolderSeq` path. The `DataHolderSeq` is parsed sequentially: a sequence count (`uint32`), and for each DataHolder the `class_id` string (e.g. `DDS:Auth:PKI-DH:1.0+Req`), string properties (a sequence of key/value pairs), and binary properties (a name plus an octet vector). The parser operates at a stateless level and does not know higher-layer state (for example, whether the handshake has already completed), so it fully unfolds the structure before distinguishing legitimate from malformed traffic.

Because RTPS permits duplicates, delays, and retransmissions, a receiver must perform at least minimal structural parsing to check identity and sequence numbers before discarding or processing a message; the current implementation, however, does not "peek" only at a minimal header and instead parses the entire `DataHolderSeq`. As a result, prior to versions 3.4.1, 3.3.1, and 2.6.11, this parsing behavior can trigger an out-of-memory condition and remotely terminate the process. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
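As an added illustration (not Fast DDS code and not the project's fix), the parser below walks a DataHolderSeq in the order the description gives, count, then per holder the class_id, the string properties and the binary properties, but checks every declared count and length against the bytes actually remaining before it reserves or loops, so a short datagram carrying a large count field is rejected instead of driving allocations. The simplified wire layout, the Reader type and the sample bytes are assumptions made for this example.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
using Props = std::vector<std::pair<std::string, std::string>>;
struct DataHolder { std::string class_id; Props string_props, binary_props; };
// Assumed wire layout (simplified CDR, not Fast DDS's encoder): LE uint32 counts/lengths, no padding.
struct Reader {
    const Bytes& b; size_t off = 0;
    size_t left() const { return b.size() - off; }
    bool u32(uint32_t& v) {
        if (left() < 4) return false;
        v = 0; for (int i = 0; i < 4; ++i) v |= uint32_t(b[off++]) << (8 * i); return true;
    }
    bool str(std::string& s) {  // a declared length must fit in the bytes that remain
        uint32_t len; if (!u32(len) || len > left()) return false;
        s.assign(reinterpret_cast<const char*>(b.data() + off), len); off += len; return true;
    }
    // (name, value) sequence: the count is honoured only if >= 8 bytes (two length prefixes)
    // remain per element, so a count field alone can never force a large reserve() or loop.
    bool pairs(Props& out) {
        uint32_t n; if (!u32(n) || n > left() / 8) return false;
        out.reserve(n);
        for (uint32_t i = 0; i < n; ++i) {
            std::string k, v; if (!str(k) || !str(v)) return false;
            out.emplace_back(k, v);
        }
        return true;
    }
};
// Parses a DataHolderSeq; std::nullopt on any malformed, truncated or over-long input.
std::optional<std::vector<DataHolder>> parse_data_holder_seq(const Bytes& buf) {
    Reader r{buf};
    uint32_t n; if (!r.u32(n) || n > r.left() / 12) return std::nullopt;  // >= 12 B per holder
    std::vector<DataHolder> out; out.reserve(n);
    for (uint32_t i = 0; i < n; ++i) {
        DataHolder h;
        if (!r.str(h.class_id) || !r.pairs(h.string_props) || !r.pairs(h.binary_props)) return std::nullopt;
        out.push_back(h);
    }
    // Trailing bytes are rejected rather than guessed at.
    return r.left() == 0 ? std::optional<std::vector<DataHolder>>(out) : std::nullopt;
}
// Constructed sample (not captured traffic): one holder with the class_id the advisory names,
// one string property and no binary properties.
static void put_u32(Bytes& b, uint32_t v) { for (int i = 0; i < 4; ++i) b.push_back(uint8_t(v >> (8 * i))); }
static void put_str(Bytes& b, const std::string& s) { put_u32(b, uint32_t(s.size())); b.insert(b.end(), s.begin(), s.end()); }
Bytes sample_message() {
    Bytes b; put_u32(b, 1); put_str(b, "DDS:Auth:PKI-DH:1.0+Req"); put_u32(b, 1);
    put_str(b, "example.key"); put_str(b, "example.value"); put_u32(b, 0); return b;
}
```

The "bytes remaining per element" bound is the minimal-peek discipline the description asks for: a count is only trusted once the datagram is demonstrably long enough to contain that many elements.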
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 6 associated CPEs

Vendor    Product        Version / Range
eprosima  fast_dds       to 2.6.11 (exc)
eprosima  fast_dds       From 3.0.0 (inc) to 3.3.1 (exc)
eprosima  fast_dds       3.4.0
debian    debian_linux   11.0
debian    debian_linux   12.0
debian    debian_linux   13.0
CWE

CWE ID   Description
CWE-125  The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects Fast DDS versions prior to 3.4.1, 3.3.1, and 2.6.11, where the ParticipantGenericMessage parser can be triggered to cause an out-of-memory condition by processing malformed DataHolderSeq messages.

Detection on your network or system would involve identifying the presence of vulnerable Fast DDS versions and monitoring for unusual or malformed DDS security control messages, especially those containing ParticipantGenericMessage traffic.

Since the vulnerability is triggered by parsing the entire DataHolderSeq in ParticipantGenericMessage, you can detect potentially malicious traffic by capturing and inspecting DDS RTPS packets on the network.

Suggested commands to detect vulnerable versions and monitor traffic include:

  • Check installed Fast DDS version: `fastdds --version` or check package version via your package manager (e.g., `dpkg -l | grep fastdds` on Debian-based systems).
  • Use network packet capture tools like tcpdump or Wireshark to capture DDS RTPS traffic on UDP port 7400 (default RTPS port): `tcpdump -i <interface> udp port 7400 -w capture.pcap`
  • Analyze captured packets in Wireshark with DDS and RTPS dissectors to look for ParticipantGenericMessage packets and inspect their DataHolderSeq contents for anomalies or malformed sequences.
  • Monitor application logs for crashes or out-of-memory errors related to Fast DDS processes, which may indicate exploitation attempts.

Note that no specific detection scripts or signatures are provided in the available resources, so detection relies on version checking and network traffic inspection.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Fast DDS to version 3.4.1 or later, where the issue has been fixed.

Ensure that your systems are not running vulnerable versions such as 3.3.0 or earlier, as these are susceptible to out-of-memory conditions caused by malformed ParticipantGenericMessage parsing.

Monitor Debian security advisories and apply patches when available, noting that some Debian releases have postponed fixes.


Can you explain this vulnerability to me?

CVE-2025-62603 is a vulnerability in Fast DDS, a C++ implementation of the Data Distribution Service (DDS) standard. The issue arises in the ParticipantGenericMessage component, which handles security control messages including handshake and ongoing security traffic. When receiving messages, the parser fully deserializes the entire DataHolderSeq structure without minimal preliminary checks. Because the parser operates statelessly and processes the entire sequence, it can be triggered to consume excessive memory, leading to an out-of-memory condition that can remotely terminate the process.

This vulnerability affects versions prior to Fast DDS 3.4.1, 3.3.1, and 2.6.11, which include patches to fix this parsing behavior.


How can this vulnerability impact me?

The vulnerability can cause an out-of-memory condition on the system running Fast DDS, which can lead to a remote denial of service by terminating the affected process. This means an attacker could remotely disrupt the availability of services relying on Fast DDS by sending specially crafted messages that exploit the parsing flaw.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know

