CVE-2024-25724

7.3 HIGH

📋 TL;DR

A buffer overflow vulnerability in RTI Connext Professional's XML parsing allows attackers to execute arbitrary code, leak sensitive information, or crash affected services. This affects Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service in versions 5.3.1 through 6.1.0. Attackers can exploit this via malicious RTPS messages, compromised API calls, or local malicious XML files.

💻 Affected Systems

Products:
  • RTI Connext Professional Routing Service
  • RTI Connext Professional Recording Service
  • RTI Connext Professional Queuing Service
  • RTI Connext Professional Cloud Discovery Service
Versions: 5.3.1 through 6.1.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using affected services are vulnerable regardless of configuration. The vulnerability exists in the XML parsing component used by multiple services.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with service privileges leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Service crashes causing denial of service, disclosure of process memory contents (credentials, topic data, addresses useful for further exploitation), and limited code execution where the service runs in a constrained environment.

🟢

If Mitigated

Impact limited to service disruption from crashes, with no data loss, where network segmentation keeps untrusted RTPS traffic away from the service and least privilege confines what a compromised service process can reach.

🌐 Internet-Facing: HIGH - Services exposed to untrusted networks can be exploited via malicious RTPS messages without authentication.
🏢 Internal Only: MEDIUM - Requires compromised API calls or local file access, but still poses significant risk in multi-tenant or shared environments.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Remote exploitation via RTPS messages requires network access but no authentication. Local exploitation requires file system access or compromised API calls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.1

Vendor Advisory: https://community.rti.com/static/documentation/connext-dds/current/doc/vulnerabilities/index.html#cve-2024-25724

Restart Required: Yes

Instructions:

1. Download RTI Connext Professional 6.1.1 or later from RTI's official distribution channels.
2. Stop all affected services.
3. Install the updated version following RTI's installation guide.
4. Restart services with the patched version.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected services from untrusted networks and restrict RTPS traffic to trusted sources only.
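Restricting RTPS traffic to trusted sources means knowing which UDP ports the services listen on. The helper below, an added example for this page rather than RTI code, computes the default RTPS well-known ports for a DDS domain (the OMG RTPS mapping: PB=7400, DG=250, PG=2, d0=0, d1=10, d2=1, d3=11) and emits nftables rule lines that admit that range only from a list of trusted peers. The interface name, trusted peer addresses and participant count are placeholders; a deployment that overrides the port mapping in its XML configuration (the rtps_well_known_ports QoS) needs the rules adjusted to match.

```python
"""Default RTPS UDP port mapping for a DDS domain plus nftables rule generation.
Added example for this page, not RTI code.  Port constants follow the OMG RTPS
specification; iface, trusted_peers and max_participants are placeholders."""

PB, DG, PG = 7400, 250, 2          # port base, domain gain, participant gain
D0, D1, D2, D3 = 0, 10, 1, 11      # discovery mcast/ucast, user mcast/ucast offsets


def rtps_ports(domain_id, max_participants=10):
    """Well-known ports for participants 0..max_participants-1 of one domain."""
    base = PB + DG * domain_id
    return {
        "discovery_multicast": base + D0,
        "user_multicast": base + D2,
        # unicast ports step by PG for each additional participant on a host
        "discovery_unicast": [base + D1 + PG * p for p in range(max_participants)],
        "user_unicast": [base + D3 + PG * p for p in range(max_participants)],
    }


def port_range(domain_id, max_participants=10):
    """Lowest and highest UDP port the domain can use with the default mapping."""
    ports = rtps_ports(domain_id, max_participants)
    return ports["discovery_multicast"], max(ports["user_unicast"])


def nft_rules(domain_id, trusted_peers, iface="eth0", max_participants=10):
    """Rule lines for an nftables input chain: accept the RTPS range from each
    trusted peer (IPv4 address or CIDR), then drop the range from anyone else."""
    lo, hi = port_range(domain_id, max_participants)
    rules = [f'iifname "{iface}" ip saddr {peer} udp dport {lo}-{hi} accept'
             for peer in trusted_peers]
    rules.append(f'iifname "{iface}" udp dport {lo}-{hi} drop')
    return rules


if __name__ == "__main__":
    # Placeholder peers: the hosts that legitimately talk DDS to this service.
    for rule in nft_rules(0, ["10.0.0.0/24", "10.0.1.5"]):
        print(rule)
```

Paste the printed lines into the input chain that guards the service host; multicast discovery additionally needs the group address permitted if it is in use. Keep the accept list short and specific, since anything that can reach the range can deliver the malicious RTPS messages the advisory describes.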

File System Controls

linux

Implement strict file permissions and monitoring on the XML files the services parse: the configuration file passed with -cfgFile and the QoS profile files Connext applications load automatically (USER_QOS_PROFILES.xml in the working directory and any paths listed in the NDDS_QOS_PROFILES environment variable). Make the files owned by root and readable, but not writable, by the service account, so that a local attacker cannot plant a malicious XML file for the service to parse. Replace /path/to/config/files and the connext-svc group with your own paths and service group; root:root with mode 600 would lock out a service that does not run as root.

chown root:connext-svc /path/to/config/files/*.xml
chmod 640 /path/to/config/files/*.xml

🧯 If You Can't Patch

  • Implement strict network access controls to limit RTPS traffic to trusted sources only.
  • Monitor service logs for abnormal behavior and implement file integrity monitoring on XML configuration files.

🔍 How to Verify

Check if Vulnerable:

Check the installed version of RTI Connext Professional. If the version is between 5.3.1 and 6.1.0 inclusive, the system is vulnerable. Check the version reported by each deployed service rather than only the SDK, since a host may carry more than one Connext installation.

Check Version:

rtiroutingservice -version
rtirecordingservice -version
rtiqueuingservice -version
rticlouddiscoveryservice -version
rtiddsgen -version

Note that rtiddsgen reports its own version number (the 3.x series ships with Connext 6.x), so read the Connext release from the service banners or from rti_versions.xml under $NDDSHOME.

Verify Fix Applied:

Confirm installation of version 6.1.1 or later and verify services are running with the updated binaries, for example by checking that each running service process resolves to the patched installation (ls -l /proc/<pid>/exe on Linux) rather than an older NDDSHOME left on the host.
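To turn the version check above into something that can run across a fleet, the following script, an added example for this page and not an RTI tool, extracts the first dotted release number from a service's -version banner and reports whether it falls in the affected range (5.3.1 through 6.1.0 inclusive, first fixed release 6.1.1 as stated on this page). The sample banner strings are constructed; feed it the real output of the -version commands instead.

```python
"""Classify RTI Connext Professional version banners against the CVE-2024-25724
affected range.  Added example for this page, not RTI code.  SAMPLE below is
constructed text, not real service output."""
import re

AFFECTED_MIN = (5, 3, 1)   # first affected release, inclusive
FIRST_FIXED = (6, 1, 1)    # first release carrying the fix per this page

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_version(text):
    """Return the first x.y.z[.w] number in arbitrary tool output as a tuple."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in: {text!r}")
    return tuple(int(g) for g in m.groups() if g is not None)


def is_affected(text):
    """True if the release in `text` lies in [5.3.1, 6.1.1)."""
    major_minor_patch = parse_version(text)[:3]   # a fourth component is ignored
    return AFFECTED_MIN <= major_minor_patch < FIRST_FIXED


def triage(banners):
    """Map service name -> affected? for a dict of -version outputs."""
    return {name: is_affected(text) for name, text in banners.items()}


# Constructed sample banners (placeholders for real `-version` output).
SAMPLE = {
    "routing":   "RTI Routing Service 6.0.1",
    "recording": "RTI Recording Service 6.1.1",
    "queuing":   "RTI Queuing Service 5.3.1",
    "cds":       "RTI Cloud Discovery Service 7.3.0",
}

if __name__ == "__main__":
    for service, affected in triage(SAMPLE).items():
        print(f"{service:10s} {'AFFECTED' if affected else 'ok'}")
```

Run it once per host and treat any AFFECTED line as a patching ticket; a banner with no version number raises rather than silently passing, so a service that fails to start or is not installed does not get counted as clean.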

📡 Detection & Monitoring

Log Indicators:

  • Service crashes with segmentation faults or access violations
  • Unusual XML parsing errors in service logs
  • Abnormal memory usage patterns before service termination

Network Indicators:

  • Malformed RTPS packets targeting vulnerable services
  • Unexpected XML content in network traffic to service ports

SIEM Query:

source="*rti*" AND (event_type="crash" OR error="segmentation fault" OR error="buffer overflow")
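Where the logs are not in a SIEM, the indicators above can be applied directly to the service log files. The scanner below is an added example for this page, not RTI code; the log lines and the service= field it keys on are constructed, since the page does not document RTI's log format, so adapt the patterns and the service extractor to what your services actually emit. It groups hits by service and flags the sequence that matters for this bug: a burst of XML parser errors followed by a crash in the same service.

```python
"""Scan service log lines for the crash / XML-parser indicators listed on this page.
Added example, not RTI code.  SAMPLE_LOG is constructed text in an invented
format; adjust INDICATORS and SERVICE_RE to the real log layout."""
import re
from collections import defaultdict

INDICATORS = [
    (re.compile(r"segmentation fault|SIGSEGV|access violation", re.I), "crash"),
    (re.compile(r"buffer overflow|stack smashing detected", re.I), "crash"),
    (re.compile(r"xml.*(parse|parser|parsing).*(error|fail)", re.I), "xml_parse_error"),
    (re.compile(r"out of memory|memory usage", re.I), "memory_anomaly"),
]
SERVICE_RE = re.compile(r"service=(\w+)")   # placeholder field in the constructed format


def classify(line):
    """Return the indicator label for a line, or None if it is unremarkable."""
    for pattern, label in INDICATORS:
        if pattern.search(line):
            return label
    return None


def scan(lines):
    """Map service name -> ordered list of indicator labels seen for it."""
    hits = defaultdict(list)
    for line in lines:
        label = classify(line)
        if label is None:
            continue
        m = SERVICE_RE.search(line)
        hits[m.group(1) if m else "unknown"].append(label)
    return dict(hits)


def suspicious(hits, min_parse_errors=3):
    """Services that logged several XML parse errors and then crashed."""
    return sorted(
        service for service, labels in hits.items()
        if labels.count("xml_parse_error") >= min_parse_errors
        and "crash" in labels[labels.index("xml_parse_error"):]
    )


# Constructed sample, not real RTI output.
SAMPLE_LOG = [
    "2024-03-01T10:00:01Z service=routing level=WARN XML parser error near line 12: unexpected token",
    "2024-03-01T10:00:02Z service=routing level=WARN XML parser error near line 12: unexpected token",
    "2024-03-01T10:00:03Z service=routing level=WARN XML parsing failed for remote request",
    "2024-03-01T10:00:04Z service=routing level=ERROR process terminated: Segmentation fault",
    "2024-03-01T10:00:05Z service=recording level=INFO session started",
    "2024-03-01T10:00:06Z service=recording level=WARN XML parser error: missing attribute",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for service, labels in found.items():
        print(service, labels)
    print("investigate:", suspicious(found))
```

The ordering check in suspicious() is deliberate: parser errors that follow a crash are usually the restart re-reading a bad file, while parser errors that precede a crash match an attacker probing the parser before landing an overflow.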

🔗 References
