CVE-2025-63548
Denial of Service in Eprosima Micro-XRCE-DDS Agent
Publication date: 2026-05-01
Last updated on: 2026-05-05
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eprosima | micro-xrec-dds_agent | 3.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-241 | The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z). |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability causes a denial of service by crashing the Micro-XRCE-DDS-Agent when it receives invalid Boolean values. This affects system stability and availability.
While the CVE description and resources do not explicitly mention compliance with standards like GDPR or HIPAA, denial of service vulnerabilities can impact availability requirements that are part of many security and privacy regulations.
Specifically, regulations such as GDPR and HIPAA require organizations to ensure the availability and resilience of systems processing personal or sensitive data. A denial of service vulnerability could potentially hinder compliance by disrupting service availability.
However, no direct information is provided about data breach, data confidentiality, or integrity impacts related to this vulnerability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability causes the Micro-XRCE-DDS-Agent to crash when it receives packets with invalid Boolean values (values other than 0 or 1). Detection can involve monitoring the agent for unexpected crashes or instability.
Since the issue arises from malformed packets with invalid Boolean fields, network detection could focus on capturing and analyzing packets sent to the agent to identify Boolean fields with non-standard values.
Specific commands are not provided in the resources, but general approaches include:
- Using packet capture tools like tcpdump or Wireshark to monitor traffic to the Micro-XRCE-DDS-Agent and filter for suspicious packets containing Boolean fields.
- Monitoring the agent's logs and system logs for crash reports or error messages related to deserialization exceptions.
- Setting up automated alerts for agent process crashes or restarts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Apply any available patches or updates from the vendor that address the validation of Boolean fields during deserialization.
- If patches are not yet available, consider implementing network-level filtering to block malformed packets that contain invalid Boolean values.
- Monitor the Micro-XRCE-DDS-Agent for crashes and restart the service as needed to maintain availability.
- Review and enhance logging to detect and analyze malformed packets causing the issue.
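The following is an added example, not part of this CVE record and not code from the Micro-XRCE-DDS-Agent project. It illustrates the two points the answers above make: a deserializer that raises on a Boolean byte outside {0, 1} (the failure mode behind the crash), and the mitigation of validating Boolean fields before deserialization, logging the malformed packet and dropping it so the service stays up. The message layout (one byte kind, one byte Boolean flag, two-byte length), the field offsets, the sample packets and every function name are constructed for this demo and do not reflect the real XRCE wire format.

```python
import logging
import struct
from typing import List, Optional, Tuple

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("bool-validation-demo")

# Constructed layout for this demo only: kind (u8), flag (bool as u8),
# payload length (u16 little-endian). Not the Micro-XRCE-DDS wire format.
HEADER = struct.Struct("<BBH")


class DeserializationError(Exception):
    """Raised by the naive decoder when a field is not of the expected type."""


def naive_decode(packet: bytes) -> dict:
    """Deserializer that trusts the Boolean byte. A value other than 0 or 1
    raises; in a process with no surrounding handler that is a crash."""
    kind, flag, length = HEADER.unpack_from(packet, 0)
    if flag not in (0, 1):
        raise DeserializationError(f"invalid boolean value {flag:#x}")
    return {"kind": kind, "flag": bool(flag), "payload": packet[4:4 + length]}


def validate_booleans(packet: bytes, bool_offsets: Tuple[int, ...]) -> List[str]:
    """Pre-deserialization check: one problem string per Boolean field whose
    byte is outside {0, 1} (or lies past the end of the packet). An empty
    list means every Boolean field is well-formed."""
    problems = []
    for off in bool_offsets:
        if off >= len(packet):
            problems.append(f"offset {off} beyond packet end ({len(packet)} bytes)")
            continue
        value = packet[off]
        if value not in (0, 1):
            problems.append(f"boolean at offset {off} has value {value:#04x}")
    return problems


def hardened_decode(packet: bytes) -> Optional[dict]:
    """Validate first, log, and drop the message instead of letting an
    exception propagate, so one bad packet cannot take the agent down."""
    if len(packet) < HEADER.size:
        log.warning("dropped short packet (%d bytes)", len(packet))
        return None
    problems = validate_booleans(packet, bool_offsets=(1,))  # flag byte at offset 1
    if problems:
        log.warning("dropped malformed packet: %s", "; ".join(problems))
        return None
    return naive_decode(packet)


# Constructed sample packets: a clean one and one whose Boolean byte is 0x7f.
GOOD_PACKET = HEADER.pack(0x01, 1, 3) + b"abc"
BAD_PACKET = HEADER.pack(0x01, 0x7F, 3) + b"abc"


def process_stream(packets) -> Tuple[int, int]:
    """Run packets through the hardened path; return (accepted, dropped)."""
    accepted, dropped = 0, 0
    for pkt in packets:
        if hardened_decode(pkt) is None:
            dropped += 1
        else:
            accepted += 1
    return accepted, dropped


if __name__ == "__main__":
    # The naive path raises on the bad packet; the hardened path survives it.
    try:
        naive_decode(BAD_PACKET)
    except DeserializationError as exc:
        print("naive decoder failed:", exc)
    print("hardened stream result:", process_stream([GOOD_PACKET, BAD_PACKET, b"\x01"]))
```

The warning lines emitted by `hardened_decode` are the kind of record the "review and enhance logging" step asks for: they name the offset and the offending byte, so a log monitor can alert on malformed Boolean fields without waiting for a process restart.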
Can you explain this vulnerability to me?
This vulnerability exists in Eprosima Micro-XRCE-DDS Agent version 3.0.1. It allows a remote attacker to cause a denial of service by sending a specially crafted packet that contains an invalid value in any Boolean field.
How can this vulnerability impact me?
The impact of this vulnerability is a denial of service condition, which means that an attacker can disrupt the normal operation of the Eprosima Micro-XRCE-DDS Agent by sending malformed packets. This could lead to service unavailability or interruption.