CVE-2025-63547
Denial of Service in Eprosima Micro-XRCE-DDS Agent
Publication date: 2026-05-01
Last updated on: 2026-05-05
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eprosima | micro_xrec_dds_agent | 3.0.1 |
| eprosima | micro-xrce-dds-agent | 3.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-805 | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can cause a denial of service (DoS) condition in the affected software.
By sending a crafted packet with an MTU length of zero, an attacker can crash the Micro-XRCE-DDS-Agent, disrupting its normal operation and potentially causing system instability or downtime.
Such crashes or memory corruption issues can lead to service interruptions, affecting the availability and reliability of systems that rely on this agent.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2025-63547 is a vulnerability in Eprosima Micro-XRCE-DDS-Agent version 3.0.1 where the Maximum Transmission Unit (MTU) length parameter is not properly validated during client creation.
A remote attacker can send a specially crafted packet with an MTU length of zero, causing the software to attempt to allocate a zero-sized memory buffer. This improper allocation can lead to undefined behavior such as crashes, memory corruption, or other hard-to-debug issues, depending on the system's memory allocator.
The vulnerability occurs because the agent does not reject invalid MTU values (such as zero) before allocating memory; it should validate that the MTU is greater than zero before any allocation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for CREATE_CLIENT messages with an MTU length field set to zero, which is invalid and triggers the issue.
On the system running the Micro-XRCE-DDS-Agent, checking the agent CLI logs for error messages related to CREATE_CLIENT packets with an MTU of 0 can help identify attempts to exploit this vulnerability.
Network detection could involve capturing and inspecting packets to identify any CREATE_CLIENT messages containing an MTU length of zero.
- Use packet capture tools such as tcpdump or Wireshark to filter and analyze packets for CREATE_CLIENT messages with MTU=0.
- Example tcpdump command to capture relevant packets (assuming knowledge of the protocol and ports): `tcpdump -i <interface> -w capture.pcap`
- Analyze the capture with Wireshark or a custom script to detect MTU length fields set to zero in CREATE_CLIENT messages.
On the agent side, review logs for error entries indicating rejection or assertion failures due to MTU=0 during client creation.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Micro-XRCE-DDS-Agent software to a version where the vulnerability is patched.
The vendor fixed the issue by adding validation to ensure the MTU length is greater than zero before any memory allocation and by adding error logging for invalid MTU values.
If updating immediately is not possible, monitor and block network traffic containing CREATE_CLIENT messages with an MTU length of zero to prevent exploitation.
Additionally, enable and review agent CLI error logs to detect and respond to any attempts to send invalid MTU values.