CVE-2025-63548
Deferred Deferred - Pending Action
Denial of Service in Eprosima Micro-XRCE-DDS Agent

Publication date: 2026-05-01

Last updated on: 2026-05-05

Assigner: MITRE

Description
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-63548
EUVD
EUVD-2025-209606
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eprosima micro-xrec-dds_agent 3.0.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-241 The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability causes a denial of service by crashing the Micro-XRCE-DDS-Agent when it receives invalid Boolean values. This affects system stability and availability.

While the CVE description and resources do not explicitly mention compliance with standards like GDPR or HIPAA, denial of service vulnerabilities can impact availability requirements that are part of many security and privacy regulations.

Specifically, regulations such as GDPR and HIPAA require organizations to ensure the availability and resilience of systems processing personal or sensitive data. A denial of service vulnerability could potentially hinder compliance by disrupting service availability.

However, no direct information is provided about data breach, data confidentiality, or integrity impacts related to this vulnerability.

Detection Guidance

The vulnerability causes the Micro-XRCE-DDS-Agent to crash when it receives packets with invalid Boolean values (values other than 0 or 1). Detection can involve monitoring the agent for unexpected crashes or instability.

Since the issue arises from malformed packets with invalid Boolean fields, network detection could focus on capturing and analyzing packets sent to the agent to identify Boolean fields with non-standard values.

Specific commands are not provided in the resources, but general approaches include:

  • Using packet capture tools like tcpdump or Wireshark to monitor traffic to the Micro-XRCE-DDS-Agent and filter for suspicious packets containing Boolean fields.
  • Monitoring the agent's logs and system logs for crash reports or error messages related to deserialization exceptions.
  • Setting up automated alerts for agent process crashes or restarts.
Mitigation Strategies

Immediate mitigation steps include:

  • Apply any available patches or updates from the vendor that address the validation of Boolean fields during deserialization.
  • If patches are not yet available, consider implementing network-level filtering to block malformed packets that contain invalid Boolean values.
  • Monitor the Micro-XRCE-DDS-Agent for crashes and restart the service as needed to maintain availability.
  • Review and enhance logging to detect and analyze malformed packets causing the issue.
Executive Summary

This vulnerability exists in Eprosima Micro-XREC-DDS Agent version 3.0.1. It allows a remote attacker to cause a denial of service by sending a specially crafted packet that contains an invalid value in any Boolean field.

Impact Analysis

The impact of this vulnerability is a denial of service condition, which means that an attacker can disrupt the normal operation of the Eprosima Micro-XREC-DDS Agent by sending malformed packets. This could lead to service unavailability or interruption.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-63548. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart