Description

eProsima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN fields in the DATA Submessage are modified, specifically by tampering with the length field in readBinaryPropertySeq, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1.

INFO

Published Date: 2026-02-03T19:11:19.429Z

Last Modified: 2026-04-14T15:39:28.295Z

Source: GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-62600 vulnerability.

Vendors Products
Debian
  • Debian Linux
Eprosima
  • Fast Dds