Impact Analysis

This vulnerability can cause a denial of service (DoS) condition in the affected software.

By sending a crafted packet with an MTU length of zero, an attacker can crash the Micro-XRCE-DDS-Agent, disrupting its normal operation and potentially causing system instability or downtime.

Such crashes or memory corruption issues can lead to service interruptions, affecting availability and reliability of systems relying on this agent.

Useful 0 Not Useful 0

Executive Summary

CVE-2025-63547 is a vulnerability in Eprosima Micro-XRCE-DDS-Agent version 3.0.1 where the Maximum Transmission Unit (MTU) length parameter is not properly validated during client creation.

A remote attacker can send a specially crafted packet with an MTU length of zero, causing the software to attempt allocating a zero-sized memory buffer. This improper allocation can lead to undefined behavior such as crashes, memory corruption, or other hard-to-debug issues depending on the system's memory allocator.

The vulnerability occurs because the agent does not reject invalid MTU values (like zero) before allocating memory, which should be prevented by validating that MTU is greater than zero.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for CREATE_CLIENT messages with an MTU length field set to zero, which is invalid and triggers the issue.

On the system running the Micro-XRCE-DDS-Agent, checking the agent CLI logs for error messages related to CREATE_CLIENT packets with an MTU of 0 can help identify attempts to exploit this vulnerability.

Network detection could involve capturing and inspecting packets to identify any CREATE_CLIENT messages containing an MTU length of zero.

• Use packet capture tools like tcpdump or Wireshark to filter and analyze packets for CREATE_CLIENT messages with MTU=0.
• Example tcpdump command to capture relevant packets (assuming knowledge of protocol and ports): tcpdump -i <interface> -w capture.pcap
• Analyze the capture with Wireshark or a custom script to detect MTU length fields set to zero in CREATE_CLIENT messages.

On the agent side, review logs for error entries indicating rejection or assertion failures due to MTU=0 during client creation.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to update the Micro-XRCE-DDS-Agent software to a version where the vulnerability is patched.

The vendor fixed the issue by adding validation to ensure the MTU length is greater than zero before any memory allocation and by adding error logging for invalid MTU values.

If updating immediately is not possible, monitor and block network traffic containing CREATE_CLIENT messages with an MTU length of zero to prevent exploitation.

Additionally, enable and review agent CLI error logs to detect and respond to any attempts to send invalid MTU values.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0