Executive Summary

CVE-2025-64438 is a vulnerability in Fast DDS, a C++ implementation of the Data Distribution Service standard. The issue occurs when Fast DDS processes RTPS GAP submessages under RELIABLE Quality of Service (QoS). An attacker can send a small GAP packet with an extremely large gap range, causing the function StatefulReader::processGapMsg() to enter an unbounded loop. This loop inserts millions of sequence numbers into an internal set, leading to massive memory consumption (multi-gigabyte heap growth) and eventual process termination.

No authentication is required beyond network reachability to exploit this vulnerability, making it remotely triggerable. The root cause is the lack of limits on the number of GAP sequence numbers accepted and stored, which allows an attacker to exhaust system resources.

The vulnerability has been fixed in Fast DDS versions 3.4.1, 3.3.1, and 2.6.11 by introducing strict limits on the GAP sequence numbers processed and stored, preventing excessive resource consumption.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to a denial-of-service (DoS) condition by causing the Fast DDS process to consume excessive amounts of memory, potentially up to tens of gigabytes, which can crash or terminate the process.

An attacker with network access to the DDS domain can remotely trigger this condition by sending malicious GAP messages with very large sequence number ranges, without needing any authentication.

The resulting process termination or instability can disrupt communication and data distribution services relying on Fast DDS, impacting availability and reliability of systems using this middleware.

Useful 0 Not Useful 0

Detection Guidance

The vulnerability in Fast DDS involves processing malicious GAP messages with excessively large sequence number ranges that cause unbounded memory growth and denial of service.

Detection would involve monitoring network traffic for unusual or suspicious RTPS GAP submessages, especially those with very large gap ranges.

Since the vulnerability triggers on GAP messages with a huge gap range, you can inspect DDS traffic for GAP submessages where the gapList.base minus gapStart is unusually large.

Specific commands are not provided in the resources, but general approaches include:

• Using packet capture tools like tcpdump or Wireshark to filter and analyze RTPS GAP submessages.
• For example, capture UDP traffic on the DDS domain port and filter for RTPS GAP submessages.
• Analyze captured packets for GAP messages with unusually large sequence number ranges.

No explicit detection commands or scripts are provided in the available resources.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade Fast DDS to a fixed version where the vulnerability is patched.

The vulnerability is fixed in Fast DDS versions 3.4.1, 3.3.1, and 2.6.11 by limiting the number of GAP sequence numbers processed and stored, preventing resource exhaustion.

If upgrading is not immediately possible, consider network-level mitigations such as restricting network access to DDS readers to trusted sources only, since no authentication is required beyond network reachability.

Monitoring and filtering suspicious GAP messages with large gap ranges at the network perimeter may help reduce exposure.

Applying the patch from the upstream Fast DDS repository or waiting for updated packages from your distribution is recommended.

Useful 0 Not Useful 0

Compliance Impact

The provided context and resources do not contain any information regarding the impact of CVE-2025-64438 on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0