CVE-2025-62600 in Fast-DDS
Summary
by MITRE • 02/03/2026
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If t he fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readBinaryPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 02/26/2026
The vulnerability identified as CVE-2025-62600 affects Fast DDS, a widely used C++ implementation of the Data Distribution Service (DDS) standard developed by the Object Management Group. This security flaw exists in versions prior to 3.4.1, 3.3.1, and 2.6.11, specifically when the security mode is enabled within the DDS communication framework. The vulnerability represents a critical remote code execution risk that can lead to denial of service conditions and system termination, making it particularly dangerous in distributed systems where reliability and availability are paramount.
The technical flaw manifests through manipulation of the DATA Submessage within SPDP (Service Participant Discovery Protocol) packets transmitted by publishers. When attackers modify specific fields within the PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN properties, particularly targeting the length field within the readBinaryPropertySeq function, an integer overflow occurs during memory allocation operations. This overflow directly translates to an out-of-memory condition that causes the Fast DDS process to terminate remotely. The vulnerability operates at the memory management level where the system attempts to resize memory buffers based on manipulated length values, creating a scenario where the resize operation consumes excessive memory resources or triggers invalid memory operations.
The operational impact of this vulnerability extends beyond simple denial of service, as it enables remote attackers to systematically disrupt DDS-based communication networks. In industrial control systems, automotive networks, and real-time data distribution environments where Fast DDS is commonly deployed, such an attack could result in complete system failures, data loss, or compromised safety-critical operations. The vulnerability is particularly concerning because it requires minimal privileges to exploit, as the manipulation can occur through network packets without requiring authentication or direct system access. The integer overflow condition specifically maps to CWE-190, which describes integer overflow conditions that can lead to memory corruption and system instability.
Security researchers have identified this issue as a significant threat to distributed systems relying on DDS implementations, particularly those implementing security features that process incoming discovery packets. The fix implemented in versions 3.4.1, 3.3.1, and 2.6.11 addresses the root cause by implementing proper bounds checking and input validation for the length fields within binary property sequences. Organizations utilizing Fast DDS should prioritize immediate patching of affected systems, as the vulnerability can be exploited remotely without user interaction or authentication. The ATT&CK framework categorizes this vulnerability under T1499.004, which covers network denial of service attacks, and T1210, which covers exploitation of remote services, making it a critical target for security operations teams to monitor and remediate across their infrastructure.
Mitigation strategies should include immediate deployment of patched versions, network segmentation to limit exposure of DDS services, and implementation of intrusion detection systems to monitor for suspicious packet patterns targeting the vulnerable DATA Submessage fields. Additionally, organizations should consider implementing network access controls that restrict which systems can communicate with DDS services and establish monitoring protocols to detect abnormal memory consumption patterns that might indicate exploitation attempts. The vulnerability demonstrates the importance of thorough input validation in security-critical systems and highlights the need for comprehensive testing of memory management operations within distributed communication frameworks.