CVE-2025-62599
📋 TL;DR
This vulnerability in Fast DDS lets a remote attacker cause a denial of service by triggering an out-of-memory condition. When security mode is enabled, tampering with specific fields in SPDP (Simple Participant Discovery Protocol) packets causes an integer overflow during a resize operation; the participant then attempts an oversized allocation and the process terminates. SPDP is the UDP discovery traffic every participant listens for, so no established session is needed to reach the vulnerable code. Affected: Fast DDS releases before 3.4.1, 3.3.1 and 2.6.11 on their respective branches, running with security mode enabled.
💻 Affected Systems
- Fast DDS (formerly Fast RTPS)
📦 What is this software?
Fast DDS by eProsima (formerly Fast RTPS): a C++ implementation of the OMG Data Distribution Service (DDS) standard, also shipped as the default RMW middleware of ROS 2.
⚠️ Risk & Real-World Impact
Worst Case
Remote attackers can crash Fast-DDS services, causing complete denial of service for DDS-based applications and potentially disrupting critical systems relying on real-time data distribution.
Likely Case
Service disruption through remote DoS attacks, requiring service restart and causing temporary loss of data distribution capabilities.
If Mitigated
Limited impact if security mode is disabled (the vulnerable path is only reached with security enabled) or if discovery traffic to the participants is confined by firewalls or network segmentation to trusted hosts. Note that disabling security also removes DDS participant authentication, access control and encryption, so it trades one exposure for others; it is a stopgap, not a fix.
🎯 Exploit Status
Exploitation requires the ability to deliver SPDP packets to a Fast DDS participant (by default UDP: multicast 239.255.0.1 on port 7400 + 250 * domain_id, or the participant's unicast metatraffic port) and security mode enabled on the target. SPDP is the discovery bootstrap that precedes the DDS Security authentication handshake, so the attacker does not need valid identity certificates. The vulnerability is triggered by modifying specific packet fields; no public exploit is referenced here, the references below are the fixing commits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.4.1, 3.3.1, or 2.6.11 depending on your branch
Vendor Advisory: https://github.com/eProsima/Fast-DDS/security/advisories
Restart Required: Yes
Instructions:
1. Identify the Fast DDS version in use (see How to Verify below).
2. Upgrade to the patched release for your branch: 3.4.1 (main), 3.3.1 (3.3.x) or 2.6.11 (2.6.x).
3. Redeploy: applications that link libfastdds/libfastrtps dynamically only need the updated shared library; statically linked applications must be rebuilt. ROS 2 deployments usually get Fast DDS from the distribution's ros-<distro>-fastrtps package, so check and update that package rather than assuming an upstream upgrade reached it.
4. Restart every process that loaded the old library; a running process keeps the vulnerable code mapped until it restarts.
🔧 Temporary Workarounds
Disable Security Mode
Temporarily disable Fast DDS security if your deployment does not need it. Fast DDS has no single "security mode" switch: security is enabled per DomainParticipant through the dds.sec.* properties (dds.sec.auth.plugin, dds.sec.access.plugin, dds.sec.crypto.plugin) in the participant's XML profile or QoS, so remove those properties from the profiles; ROS 2 users set ROS_SECURITY_ENABLE=false.
Caveat: this also removes participant authentication, access control and encryption, so only do it on networks you already trust, and prefer the patch.
Network Segmentation
Restrict network access to Fast DDS endpoints with host or network firewalls. RTPS discovery and data travel over UDP by default (not TCP): SPDP multicast to 239.255.0.1 on port 7400 + 250 * domain_id, plus per-participant unicast ports just above it. Accept those ports only from trusted sources and drop everything else, for example:
iptables -A INPUT -p udp --dport [Fast DDS port range] -s [trusted subnet] -j ACCEPT
iptables -A INPUT -p udp --dport [Fast DDS port range] -j DROP
ufw allow from [trusted subnet] to any port [Fast DDS port range] proto udp
ufw deny [Fast DDS port range]/udp
Add equivalent TCP rules only if you have configured the TCP transport.
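The port arithmetic the rules above depend on, as an added example for this page (not eProsima's code): RTPS derives every port from the domain id using the spec's default parameters, so a helper that computes them and prints matching iptables rules avoids guessing. Assumed: the default RTPS port parameters (Fast DDS lets a participant profile override them), and illustration values of trusted subnet 10.0.5.0/24 and at most 12 participants per host.

```shell
#!/bin/sh
# Added example for this page (not eProsima's code): compute the RTPS well-known
# ports Fast DDS uses for a domain and emit iptables rules that only accept
# discovery/user traffic from a trusted subnet.
# RTPS default port parameters (assumed unchanged in the participant profile).
PB=7400; DG=250; PG=2; D0=0; D1=10; D2=1; D3=11

# SPDP discovery multicast port (239.255.0.1 by default): PB + DG*domain + d0
rtps_spdp_multicast_port() { echo $((PB + DG * $1 + D0)); }

# User-data multicast port: PB + DG*domain + d2
rtps_user_multicast_port() { echo $((PB + DG * $1 + D2)); }

# Metatraffic (SPDP/SEDP) unicast port for participant id $2: PB + DG*domain + d1 + PG*id
rtps_metatraffic_unicast_port() { echo $((PB + DG * $1 + D1 + PG * $2)); }

# User-data unicast port for participant id $2: PB + DG*domain + d3 + PG*id
rtps_user_unicast_port() { echo $((PB + DG * $1 + D3 + PG * $2)); }

# Contiguous "lo:hi" range (iptables --dport syntax) covering every port domain $1
# uses with up to $2 participants per host (participant ids 0..$2-1).
rtps_port_range() {
  echo "$(rtps_spdp_multicast_port "$1"):$(rtps_user_unicast_port "$1" $(($2 - 1)))"
}

# Print iptables rules: accept the domain's UDP ports from the trusted CIDR, drop the rest.
# $1 = domain id, $2 = trusted source CIDR, $3 = max participants per host
emit_iptables_rules() {
  range=$(rtps_port_range "$1" "$3")
  echo "iptables -A INPUT -p udp --dport $range -s $2 -j ACCEPT"
  echo "iptables -A INPUT -p udp --dport $range -j DROP"
}

# Usage: rules for domain 0, trusted subnet 10.0.5.0/24 (illustration value),
# 12 participants per host -> ports 7400:7433
emit_iptables_rules 0 10.0.5.0/24 12
```

Multicast SPDP packets still traverse INPUT carrying the sender's unicast source address, so the -s filter applies to them as well. Because RTPS is UDP, a host on the same segment can spoof a trusted source address; use L2 segmentation (VLANs) where that matters, and add rules for the TCP transport only if you have enabled it.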
🧯 If You Can't Patch
- Implement strict network access controls (VLANs, host firewalls) so that only trusted hosts can reach the participants' UDP discovery ports; UDP source-address filtering alone can be spoofed from the same segment, so segment at layer 2 where possible
- Monitor memory usage of processes that link Fast DDS and restart them automatically on failure (for example systemd Restart=on-failure together with a MemoryMax= limit so one process cannot exhaust the host). A restart only restores availability; the attacker can re-send the packets, so treat repeated crashes of the same process as an incident
🔍 How to Verify
Check if Vulnerable:
Check the Fast DDS version and whether security is enabled. Vulnerable if the version is below the fix for its branch (3.4.x < 3.4.1, 3.3.x < 3.3.1, 2.6.x < 2.6.11) AND security mode is enabled (dds.sec.* properties set on the participant, or ROS_SECURITY_ENABLE=true in ROS 2). Branches not listed here should be checked against the vendor advisory rather than assumed safe.
Check Version:
Use the installed package version (dpkg -l | grep -iE 'fastdds|fastrtps', or rpm -qa | grep -iE 'fastdds|fastrtps'), the shared library file found via ldconfig -p | grep -iE 'libfastdds|libfastrtps' (ls -l the path it prints to see the versioned filename), or the FASTDDS_VERSION_STR / FASTRTPS_VERSION_STR macro in the installed config header (fastdds/config.hpp on 3.x, fastrtps/config.h on 2.x). ldd --version reports the glibc version, not Fast DDS.
Verify Fix Applied:
Verify the Fast DDS version is 3.4.1, 3.3.1 or 2.6.11 or later on its branch, and that every running process has been restarted against the new library (a process started before the upgrade still maps the old one; compare /proc/<pid>/maps or lsof -p <pid> against the library path). Test with security mode enabled to ensure discovery behaves normally and no OOM conditions occur.
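A script that performs the version and build checks above, as an added example for this page (not eProsima's code). It classifies a version string against the three fixed releases this page names, and reads the version and security-support macros from a Fast DDS config header. The header paths, the macro names (FASTDDS_VERSION_STR / FASTRTPS_VERSION_STR, HAVE_SECURITY) and the sample header contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example for this page (not eProsima's code).
# Assumed: 3.x installs <prefix>/include/fastdds/config.hpp with FASTDDS_VERSION_STR,
# 2.x installs <prefix>/include/fastrtps/config.h with FASTRTPS_VERSION_STR, and both
# define HAVE_SECURITY (1 when the library was built with -DSECURITY=ON).

# Prints "fixed", "vulnerable" or "unlisted" (a branch this page does not name;
# confirm those against the vendor advisory rather than assuming they are safe).
fastdds_status() {
  v=$1
  maj=${v%%.*}
  rest=${v#*.}
  min=${rest%%.*}
  case "$rest" in
    *.*) mic=${rest#*.} ;;
    *)   mic=0 ;;        # "3.4" with no micro component counts as 3.4.0
  esac
  mic=${mic%%[!0-9]*}    # strip packaging suffixes such as "-1" or "~dfsg"
  [ -n "$mic" ] || mic=0
  case "$maj.$min" in
    3.4) fixed=1 ;;      # fixed in 3.4.1
    3.3) fixed=1 ;;      # fixed in 3.3.1
    2.6) fixed=11 ;;     # fixed in 2.6.11
    *)   echo unlisted; return 0 ;;
  esac
  if [ "$mic" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
}

# Version string from the generated config header (either branch's macro name).
fastdds_header_version() {
  grep -E '^#define (FASTDDS|FASTRTPS)_VERSION_STR' "$1" \
    | sed 's/.*"\([^"]*\)".*/\1/' | head -n 1
}

# Value of HAVE_SECURITY in the header (empty if the macro is absent).
fastdds_header_security() {
  sed -n 's/^#define HAVE_SECURITY[[:space:]]*\([0-9]*\).*/\1/p' "$1" | head -n 1
}

# One-line assessment for a header file: "<version> <status> security=<0|1|absent>"
fastdds_assess() {
  ver=$(fastdds_header_version "$1")
  sec=$(fastdds_header_security "$1")
  echo "$ver $(fastdds_status "$ver") security=${sec:-absent}"
}

# Constructed sample header for offline use (NOT a real eProsima header). Replace the
# path with e.g. /usr/include/fastrtps/config.h or /usr/include/fastdds/config.hpp.
SAMPLE_HDR=$(mktemp)
trap 'rm -f "$SAMPLE_HDR"' EXIT
cat >"$SAMPLE_HDR" <<'EOF'
#define FASTRTPS_VERSION_MAJOR 2
#define FASTRTPS_VERSION_MINOR 6
#define FASTRTPS_VERSION_MICRO 10
#define FASTRTPS_VERSION_STR "2.6.10"
#define HAVE_SECURITY 1
EOF

fastdds_assess "$SAMPLE_HDR"   # 2.6.10 vulnerable security=1
```

security=0 means the library was built without -DSECURITY=ON, so security mode cannot be enabled and, by this page's own conditions, the vulnerable path is unreachable; patch anyway. A version on a branch this page does not name comes back as unlisted and must be checked against the advisory, as must strings the parser does not recognise (for example a leading "v").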
📡 Detection & Monitoring
Log Indicators:
- C++ allocation failure in the application's stderr/journal: "terminate called after throwing an instance of 'std::bad_alloc'"
- Kernel OOM killer entries ("Out of memory: Killed process <pid> (<name>)", or the cgroup variant "Memory cgroup out of memory: Killed process ...") naming a process that links Fast DDS
- systemd exit and restart records for that unit (code=dumped status=6/ABRT or code=killed status=9/KILL, followed by "Scheduled restart job")
- Abnormal memory consumption spikes in processes that link Fast DDS, typically right after discovery traffic arrives
- Fast DDS security plugin initialization messages, which confirm the vulnerable configuration (security enabled) is in use
Network Indicators:
- Malformed SPDP packets (RTPS DATA submessages with modified participant-data fields) on the discovery multicast port, especially from hosts that are not known participants
- Unusual traffic to Fast DDS UDP ports
SIEM Query:
Fast DDS is a library, so substitute the names of the processes that embed it (for ROS 2, the node executables):
process_name:"[dds-app-name]" AND (message:"std::bad_alloc" OR message:"out of memory: Killed process" OR event_type:"crash" OR memory_usage:>90%)
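Detection logic run over sample log lines, as an added example for this page (not eProsima's code): it extracts the OOM-killer and std::bad_alloc signatures listed above from a journalctl -o short style export and counts them per process, and raises an alert when the same process has been OOM-killed repeatedly. The log excerpt, the unit names talker/listener and the alert threshold are constructed for the example.

```shell
#!/bin/sh
# Added example for this page (not eProsima's code). Fast DDS is a library, so the
# process names below ("talker", "listener") stand for whatever application links it.
# Signatures assumed: kernel OOM killer ("Out of memory: Killed process <pid> (<name>)",
# older kernels say "Kill process", cgroup kills say "Memory cgroup out of memory"),
# the C++ runtime's std::bad_alloc abort message, and systemd's "Scheduled restart job".

# "<process> <count>" for every process the OOM killer terminated.
oom_killed_summary() {
  grep -iE 'out of memory: kill(ed)? process [0-9]+ \(' "$1" \
    | sed 's/.*process [0-9]* (\([^)]*\)).*/\1/' \
    | sort | uniq -c | awk '{print $2, $1}'
}

# "<syslog identifier> <count>" for processes that aborted on std::bad_alloc.
bad_alloc_summary() {
  grep -F "terminate called after throwing an instance of 'std::bad_alloc'" "$1" \
    | sed 's/.* \([^ ]*\)\[[0-9]*\]: .*/\1/' \
    | sort | uniq -c | awk '{print $2, $1}'
}

# Highest systemd restart counter seen for unit $2 (empty if it never restarted).
restart_counter() {
  grep -F "$2: Scheduled restart job" "$1" \
    | sed 's/.*counter is at \([0-9]*\)\..*/\1/' | sort -n | tail -n 1
}

# Alert: processes OOM-killed at least $2 times in the log window. A single kill can be
# a bad deploy; the same DDS process dying repeatedly is the pattern worth paging on.
dds_oom_alert() {
  oom_killed_summary "$1" | awk -v t="$2" '$2 >= t {print $1}'
}

# Constructed sample in "journalctl -o short" format (not real log data).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Oct 21 10:02:13 robot01 kernel: Out of memory: Killed process 2311 (talker) total-vm:4172840kB, anon-rss:3901244kB, file-rss:0kB, shmem-rss:0kB
Oct 21 10:02:14 robot01 systemd[1]: talker.service: Main process exited, code=killed, status=9/KILL
Oct 21 10:02:15 robot01 systemd[1]: talker.service: Scheduled restart job, restart counter is at 1.
Oct 21 10:05:40 robot01 listener[2398]: terminate called after throwing an instance of 'std::bad_alloc'
Oct 21 10:05:40 robot01 listener[2398]:   what():  std::bad_alloc
Oct 21 10:05:41 robot01 systemd[1]: listener.service: Main process exited, code=dumped, status=6/ABRT
Oct 21 10:05:41 robot01 systemd[1]: listener.service: Scheduled restart job, restart counter is at 1.
Oct 21 10:09:02 robot01 kernel: Memory cgroup out of memory: Killed process 2450 (talker) total-vm:4170112kB, anon-rss:3899000kB, file-rss:0kB, shmem-rss:0kB
Oct 21 10:09:03 robot01 systemd[1]: talker.service: Scheduled restart job, restart counter is at 2.
Oct 21 10:11:00 robot01 sshd[900]: Accepted publickey for ops from 10.0.5.7 port 50000 ssh2
EOF

echo "OOM-killed:";  oom_killed_summary "$SAMPLE_LOG"     # talker 2
echo "bad_alloc:";   bad_alloc_summary "$SAMPLE_LOG"      # listener 1
echo "alert (>=2):"; dds_oom_alert "$SAMPLE_LOG" 2        # talker
```

Export real data with journalctl --since -1h -o short > /tmp/dds.log and pass that path instead of the sample. Which signature you get depends on the host: with default overcommit the kernel OOM killer terminates the process (the "Memory cgroup" form when the unit runs under a MemoryMax= limit), whereas with vm.overcommit_memory=2, an address-space rlimit, or an allocation too large to be satisfied at all, the allocation fails and the process aborts with std::bad_alloc. Scan for both.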
🔗 References
- https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
- https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b
- https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a
- https://security-tracker.debian.org/tracker/CVE-2025-62599