CVE-2025-24807

Severity: 7.1 HIGH

📋 TL;DR

This vulnerability in eprosima Fast DDS allows expired Permissions Certificate Authorities (PermissionsCA) to be accepted as valid, because certificate chains and expiration dates are not sufficiently validated. The access control plugin only validates the S/MIME signatures, so governance and permissions documents signed under an expired PermissionsCA may still be accepted. Systems using Fast DDS with security plugins enabled are affected.

💻 Affected Systems

Products:
  • eprosima Fast DDS
Versions: All versions prior to 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0
Operating Systems: All platforms running Fast DDS
Default Config Vulnerable: ✅ No
Notes: Only affects systems using Fast DDS security plugins with PermissionsCA functionality enabled.


⚠️ Risk & Real-World Impact

🔴 Worst Case

System crash when the PermissionsCA certificate is not self-signed and the file contains the full chain, potentially causing denial of service in DDS-based communication systems.

🟠 Likely Case

Expired PermissionsCA certificates being accepted as valid, potentially allowing unauthorized access control configurations to persist beyond their intended validity period.

🟢 If Mitigated

Minimal impact if proper certificate lifecycle management is implemented and systems are isolated from untrusted networks.

🌐 Internet-Facing: LOW - DDS systems are typically deployed in controlled environments and not directly internet-facing.
🏢 Internal Only: MEDIUM - Internal DDS deployments could be affected if certificate management practices are poor.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to manipulate certificate validation process and knowledge of target DDS security configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, or 3.2.0

Vendor Advisory: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-w33g-jmm2-8983

Restart Required: Yes

Instructions:

1. Identify your Fast DDS version.
2. Upgrade to the appropriate patched version for your release line.
3. Restart all Fast DDS applications.
4. Verify certificate validation is working correctly.

🔧 Temporary Workarounds

Disable security plugins (applies to: all)

Temporarily disable Fast DDS security plugins if they are not essential for your deployment: configure Fast DDS without security plugins enabled.

Use self-signed PermissionsCA (applies to: all)

Configure PermissionsCA certificates to be self-signed to avoid the crash scenario: ensure all PermissionsCA certificates are self-signed.

🧯 If You Can't Patch

  • Implement strict certificate lifecycle management with manual expiration monitoring
  • Isolate Fast DDS deployments from untrusted networks and implement network segmentation

🔍 How to Verify

Check if Vulnerable:

Check Fast DDS version and verify if security plugins with PermissionsCA are enabled in configuration

Check Version:

Check Fast DDS library version or application output for version information

Verify Fix Applied:

Test with an expired PermissionsCA certificate; after the patch it should be rejected.
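The following audit script is an added example, not part of this advisory or of the Fast DDS project. It covers the three checks that the verification, workaround and "if you can't patch" sections above call for: how many certificates the PermissionsCA file carries (more than one means a full chain), whether the CA is self-signed, and whether it is expired or about to expire. It assumes the openssl command-line tool is installed; the function names are mine, and the demo certificate and path it generates are constructed. The self-signed test compares issuer and subject DNs, which is a quick configuration check rather than a signature verification.

```shell
#!/bin/sh
# Added PermissionsCA audit helper (not part of the advisory or of Fast DDS).
# Assumes: openssl on PATH. The file path is whatever your Fast DDS security
# configuration points at; the demo at the bottom uses a constructed certificate.

# Number of PEM certificates in FILE; more than one means the file carries a chain.
pem_cert_count() {
  n=$(grep -c 'BEGIN CERTIFICATE' "$1" 2>/dev/null) || true
  echo "${n:-0}"
}

# Succeeds when the first certificate in FILE is still valid for at least
# SECONDS more seconds (0 means "not expired right now").
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Succeeds when the first certificate in FILE is self-issued (issuer DN == subject DN).
# For a cryptographic check use: openssl verify -CAfile FILE FILE
cert_is_self_signed() {
  issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer=//')
  subject=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject=//')
  [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

# Audit FILE; returns 0 when nothing is found, 1 otherwise. MIN_SECONDS is the
# remaining lifetime you expect to see (e.g. 2592000 for 30 days of lead time).
audit_permissions_ca() {
  file=$1
  min_seconds=${2:-0}
  findings=0
  count=$(pem_cert_count "$file")
  if [ "$count" -eq 0 ]; then
    echo "FAIL: no certificate found in $file"
    return 1
  fi
  if ! cert_is_self_signed "$file"; then
    echo "WARN: PermissionsCA in $file is not self-signed"
    findings=1
  fi
  if [ "$count" -gt 1 ]; then
    echo "WARN: $file holds $count certificates (full chain); with a non-self-signed PermissionsCA this is the crash case on unpatched Fast DDS"
    findings=1
  fi
  if ! cert_valid_for "$file" "$min_seconds"; then
    echo "FAIL: PermissionsCA in $file is expired or expires within $min_seconds seconds"
    findings=1
  fi
  return "$findings"
}

# Constructed demo input: a throwaway self-signed CA valid for one day.
make_constructed_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj '/CN=Constructed PermissionsCA' \
    -keyout "$1/permissions_ca_key.pem" -out "$1/permissions_ca.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_constructed_ca "$demo_dir"
audit_permissions_ca "$demo_dir/permissions_ca.pem" 0 && echo "OK: no findings right now"
# Asking for 30 days of remaining lifetime flags the one-day demo certificate.
audit_permissions_ca "$demo_dir/permissions_ca.pem" 2592000 || echo "audit reported findings (expected for the demo)"
rm -rf "$demo_dir"
```

Run it against the real PermissionsCA file from your security configuration with a lead time that matches your renewal process; a non-zero exit status is what a cron job or monitoring agent should alert on.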

📡 Detection & Monitoring

Log Indicators:

  • Certificate validation errors
  • Security plugin initialization failures
  • Unexpected certificate acceptance

Network Indicators:

  • Unusual DDS security handshake patterns
  • Certificate validation bypass attempts

SIEM Query:

Search for Fast DDS security plugin errors or certificate validation warnings in application logs
