CVE-2025-62602
📋 TL;DR
This vulnerability in Fast DDS allows remote attackers to cause denial-of-service by sending specially crafted SPDP packets with manipulated DATA Submessage fields. When security mode is enabled, tampering with PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN fields triggers a heap buffer overflow via integer overflow, leading to process termination. Systems using vulnerable Fast DDS versions with security enabled are affected.
💻 Affected Systems
- Fast DDS (formerly Fast RTPS)
📦 What is this software?
Fast DDS by eProsima
⚠️ Risk & Real-World Impact
Worst Case
Remote process termination leading to complete service disruption of DDS-based applications, potentially affecting critical systems like autonomous vehicles, industrial control, or medical devices.
Likely Case
Remote denial-of-service causing Fast-DDS process crashes and service interruption in affected applications.
If Mitigated
Limited impact if security mode is disabled or network segmentation prevents attacker access.
🎯 Exploit Status
Exploitation requires familiarity with the RTPS/SPDP wire format and the ability to deliver crafted SPDP packets to the target participant. SPDP announcements are parsed before any authentication handshake takes place, so any host that can reach the discovery multicast group or a participant's unicast discovery port can deliver one; no credentials are needed. No public exploit code identified at this time.
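Added illustration, not Fast DDS source and not the project's exact faulty code path: the TL;DR describes an integer overflow in a length field inside the identity or permissions token that becomes a heap overflow. The reader below walks an SPDP ParameterList, decodes the two DDS-Security tokens, and places the naive end-pointer check that wraps in 32-bit arithmetic beside the remaining-bytes check that does not. The PID values are the DDS-Security ones; the CDR token layout is approximated, and both packets are constructed for the example rather than captured.

```python
"""Bounds-checked reader for the security tokens in an SPDP DATA submessage.
Added illustration for CVE-2025-62602, not Fast DDS source and not the project's
exact faulty path: it contrasts a length check that wraps in uint32 arithmetic
with one that cannot. Token layout approximates DDS-Security CDR; packets are constructed."""
import struct

PID_SENTINEL = 0x0001
PID_IDENTITY_TOKEN = 0x1001      # DDS-Security parameter IDs
PID_PERMISSIONS_TOKEN = 0x1002
U32_MASK = 0xFFFFFFFF

class Malformed(ValueError):
    """A declared length or count does not fit the bytes that remain."""

def naive_in_bounds(pos, n, end):
    """Broken pattern: pos + n computed as uint32 wraps for huge n and then
    compares as in range. Python ints do not wrap, so mask to emulate C."""
    return ((pos + n) & U32_MASK) <= end

def safe_in_bounds(pos, n, end):
    """Compare the length against the remaining space; nothing can overflow."""
    return 0 <= n <= end - pos

class Cursor:
    """Sequential reader that refuses to step past its buffer (buf is assumed
    to start on a 4-byte CDR boundary, which the alignment padding relies on)."""
    def __init__(self, buf):
        self.buf, self.pos, self.end = buf, 0, len(buf)

    def take(self, n):
        if not safe_in_bounds(self.pos, n, self.end):
            raise Malformed(f"need {n} bytes, {self.end - self.pos} remain")
        out = self.buf[self.pos:self.pos + n]
        self.pos += n
        return out

    def uint(self, fmt):                      # "<H" or "<I", little-endian
        return struct.unpack(fmt, self.take(struct.calcsize(fmt)))[0]

    def string(self):
        raw = self.take(self.uint("<I"))      # CDR string: u32 length incl. NUL
        self.take(-self.pos % 4)              # pad to the next 4-byte boundary
        return raw.rstrip(b"\0").decode("ascii", "replace")

    def octets(self):
        raw = self.take(self.uint("<I"))      # CDR sequence<octet>
        self.take(-self.pos % 4)
        return raw

    def count(self, min_elem_size):
        """Sequence length, rejected up front if that many elements cannot fit;
        this also keeps a bogus count from driving a huge allocation."""
        n = self.uint("<I")
        if n * min_elem_size > self.end - self.pos:
            raise Malformed(f"sequence of {n} elements cannot fit")
        return n

def parse_token(value):
    """DDS-Security Token: class_id, properties (name, value), binary_properties."""
    c = Cursor(value)
    class_id = c.string()
    props = [(c.string(), c.string()) for _ in range(c.count(8))]
    bin_props = [(c.string(), c.octets()) for _ in range(c.count(8))]
    return {"class_id": class_id, "properties": props, "binary_properties": bin_props}

def parse_security_tokens(param_list):
    """Walk a PL_CDR_LE ParameterList and decode the two security tokens."""
    c, found = Cursor(param_list), {}
    while True:
        pid, plen = c.uint("<H"), c.uint("<H")
        if pid == PID_SENTINEL:
            return found
        if plen % 4:
            raise Malformed(f"parameter 0x{pid:04x} length {plen} not 4-aligned")
        value = c.take(plen)                  # token parsing stays inside its parameter
        if pid in (PID_IDENTITY_TOKEN, PID_PERMISSIONS_TOKEN):
            found[pid] = parse_token(value)

def is_well_formed(param_list):
    try:
        parse_security_tokens(param_list)
        return True
    except Malformed:
        return False

# Constructed samples (property name follows the PKI-DH token; values are made up).
def cdr_string(s):
    n = len(s) + 1
    return struct.pack("<I", n) + s + b"\0" + b"\0" * (-n % 4)

def param(pid, body):                         # bodies below are already 4-aligned
    return struct.pack("<HH", pid, len(body)) + body

SENTINEL = struct.pack("<HH", PID_SENTINEL, 0)
BENIGN_SPDP = (
    param(PID_IDENTITY_TOKEN, cdr_string(b"DDS:Auth:PKI-DH:1.0") + struct.pack("<I", 1)
          + cdr_string(b"dds.ca.sn") + cdr_string(b"Example CA") + struct.pack("<I", 0))
    + param(PID_PERMISSIONS_TOKEN, cdr_string(b"DDS:Access:Permissions:1.0") + struct.pack("<II", 0, 0))
    + SENTINEL
)
# class_id length field set to 0xFFFFFFFD: 4 + n wraps to 1 in uint32, so the naive
# check passes although only 4 bytes actually follow the length.
TAMPERED_SPDP = param(PID_IDENTITY_TOKEN, struct.pack("<I", 0xFFFFFFFD) + b"DDS\0") + SENTINEL
```

Calling `parse_security_tokens(BENIGN_SPDP)` returns both decoded tokens; `is_well_formed(TAMPERED_SPDP)` is False because `take` compares the declared length against the bytes remaining, while `naive_in_bounds(4, 0xFFFFFFFD, 8)` is True, which is the shape of check that lets a tampered token length reach a heap copy. The `count` pre-check is the companion defence for sequence lengths, which in C++ typically size an allocation before any element is read.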
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.4.1, 3.3.1, or 2.6.11
Vendor Advisory: https://github.com/eProsima/Fast-DDS/security/advisories
Restart Required: Yes
Instructions:
1. Identify the Fast DDS version in use, including copies vendored or statically linked into applications.
2. Upgrade to the patched release for your branch: 3.4.1 for 3.4.x, 3.3.1 for 3.3.x, or 2.6.11 for 2.6.x.
3. Rebuild and redeploy applications that statically link or vendor Fast DDS; applications that load the shared library pick up the fix once the new library is installed.
4. Restart all processes that use Fast DDS.
🔧 Temporary Workarounds
Disable Security Mode
Temporarily disable Fast DDS security if it is not required, since the vulnerability only affects security-enabled participants. Security is enabled per participant through the dds.sec.* entries in its propertiesPolicy, not through a dedicated <security> element: remove the <property> entries named dds.sec.auth.plugin, dds.sec.access.plugin and dds.sec.crypto.plugin from the participant profile XML (or the equivalent properties set in code).
Caveat: this also removes authentication, access control and encryption, so on a system that needed security it trades a crash for an open participant; prefer patching.
Network Segmentation
Restrict which hosts can reach the Fast DDS discovery and user-traffic ports. RTPS runs over UDP by default (TCP only if a TCP transport is explicitly configured); domain 0 occupies UDP 7400-7649 (discovery multicast on 7400, unicast discovery and user ports above it), and each further domain ID shifts the block up by 250. Dropping port 7400 outright also breaks discovery for legitimate peers, so allow trusted sources and drop the rest; 192.0.2.0/24 below stands in for your DDS subnet:
iptables -A INPUT -p udp --dport 7400:7649 -s 192.0.2.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 7400:7649 -j DROP
Source addresses are spoofable on a shared segment, so this complements segmentation rather than replacing it.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Fast DDS traffic to trusted networks only
- Deploy DDS-aware inspection (Wireshark's RTPS dissector for offline triage, or an IDS/IPS with an RTPS parser) and alert on SPDP DATA submessages whose PID_IDENTITY_TOKEN (0x1001) or PID_PERMISSIONS_TOKEN (0x1002) parameters carry length fields inconsistent with the enclosing parameter or submessage
🔍 How to Verify
Check if Vulnerable:
Determine the Fast DDS version and whether any participant enables security (dds.sec.* properties in its propertiesPolicy). Vulnerable if security is enabled and the version is below the fix for its branch: 3.4.x below 3.4.1, 3.3.x below 3.3.1, or 2.6.x below 2.6.11. Treat branches the advisory does not list as affected until confirmed with the vendor.
Check Version:
Fast DDS is a library, so it has no --version flag of its own. Read the version macros from the installed header: FASTDDS_VERSION_MAJOR/MINOR/MICRO in fastdds/config.hpp (3.x) or FASTRTPS_VERSION_MAJOR/MINOR/MICRO in fastrtps/config.h (2.x), or query your distribution's package manager. Check every copy statically linked or vendored into your applications as well, since those do not change when the system library is upgraded.
Verify Fix Applied:
Confirm that every deployed copy of Fast DDS is at or above the fix for its branch (3.4.1, 3.3.1 or 2.6.11), then bring up a security-enabled participant against a known-good peer and confirm that discovery and the authentication handshake still complete.
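Added example (not an eProsima tool) that automates the checks above: it parses the version macros from the installed config header, compares against the fixed release for that branch, and scans a participant profile for the dds.sec.auth.plugin property that turns security on. The macro and property names are as documented by Fast DDS; confirm them against your install. The header and XML inputs are constructed strings standing in for <prefix>/include/fastdds/config.hpp (3.x) or fastrtps/config.h (2.x) and your own profile file.

```python
"""Is this host exposed to CVE-2025-62602? Branch-aware version comparison plus a
scan of the participant XML profile for the property that turns security on.
Added example for this advisory, not an eProsima tool. Fixed versions are from
the advisory; macro and property names are as documented by Fast DDS (confirm
against your install). Inputs below are constructed strings standing in for
<prefix>/include/fastdds/config.hpp (3.x) or fastrtps/config.h (2.x) and your
profile XML."""
import re
import xml.etree.ElementTree as ET

FIXED = {(3, 4): (3, 4, 1), (3, 3): (3, 3, 1), (2, 6): (2, 6, 11)}   # per-branch fix
SECURITY_PROPERTIES = {"dds.sec.auth.plugin"}   # set on a participant => security on

def parse_version(header_text):
    """Return (major, minor, micro) from a Fast DDS (3.x) or Fast RTPS (2.x) config header."""
    for prefix in ("FASTDDS", "FASTRTPS"):
        parts = []
        for field in ("MAJOR", "MINOR", "MICRO"):
            m = re.search(rf"^\s*#define\s+{prefix}_VERSION_{field}\s+(\d+)", header_text, re.M)
            if m is None:
                break
            parts.append(int(m.group(1)))
        if len(parts) == 3:
            return tuple(parts)
    raise ValueError("no Fast DDS version macros found")

def version_status(version):
    """'fixed', 'vulnerable', or 'unlisted-branch' for branches the advisory does not name."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unlisted-branch"      # treat as affected until the vendor says otherwise
    return "fixed" if version >= fixed else "vulnerable"

def security_enabled(profile_xml):
    """True if any participant profile sets the authentication plugin property."""
    for el in ET.fromstring(profile_xml).iter():
        local = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace, if any
        if local == "name" and (el.text or "").strip() in SECURITY_PROPERTIES:
            return True
    return False

def assess(header_text, profile_xml):
    """Exposed only when the build is not fixed AND a participant enables security."""
    version = parse_version(header_text)
    vstatus = version_status(version)
    secure = security_enabled(profile_xml)
    return {"version": version, "version_status": vstatus,
            "security_enabled": secure, "exposed": vstatus != "fixed" and secure}

# --- constructed inputs ---------------------------------------------------------
HEADER_3_4_0 = """
#define FASTDDS_VERSION_MAJOR 3
#define FASTDDS_VERSION_MINOR 4
#define FASTDDS_VERSION_MICRO 0
"""
HEADER_2_6_11 = """
#define FASTRTPS_VERSION_MAJOR 2
#define FASTRTPS_VERSION_MINOR 6
#define FASTRTPS_VERSION_MICRO 11
"""
SECURE_PROFILE = """<dds xmlns="http://www.eprosima.com">
  <profiles>
    <participant profile_name="secure_participant">
      <rtps>
        <propertiesPolicy>
          <properties>
            <property><name>dds.sec.auth.plugin</name><value>builtin.PKI-DH</value></property>
            <property><name>dds.sec.access.plugin</name><value>builtin.Access-Permissions</value></property>
          </properties>
        </propertiesPolicy>
      </rtps>
    </participant>
  </profiles>
</dds>"""
PLAIN_PROFILE = """<dds xmlns="http://www.eprosima.com">
  <profiles><participant profile_name="plain"><rtps/></participant></profiles>
</dds>"""
```

On a real host, pass the contents of the installed config header and each profile XML your applications load to `assess`; an `unlisted-branch` result means the branch is not named in the advisory and should be treated as exposed until the vendor confirms otherwise. The XML scan deliberately ignores namespaces and nesting so it works for both the 2.x and 3.x profile schemas.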
📡 Detection & Monitoring
Log Indicators:
- Crashes of processes that embed Fast DDS (the library writes no log of its own, so look at the host process and system logs)
- Kernel segfault lines ("segfault at ... ip ... sp ... error ...") or systemd unit failures with "code=dumped, status=11/SEGV" for those processes
- Abort traces such as "terminate called after throwing an instance of 'std::bad_alloc'", which can appear when the oversized length drives a failed allocation instead of an immediate crash
Network Indicators:
- SPDP DATA submessages arriving from hosts that are not known DDS participants, whether to the discovery multicast group (239.255.0.1, UDP 7400 + 250·domainId by default) or to a participant's unicast discovery port
- PID_IDENTITY_TOKEN (0x1001) or PID_PERMISSIONS_TOKEN (0x1002) parameters whose inner length fields exceed the parameter or submessage length
- Bursts of discovery traffic on those ports coinciding with process restarts
SIEM Query:
(sourcetype=syslog OR sourcetype=journald) AND ("segfault at" OR "status=11/SEGV" OR "std::bad_alloc")
Scope the query to the process names of your DDS applications; there is no fastdds.log, and a literal "heap overflow" message only appears if the binary was built with a sanitizer. The sourcetype names are placeholders for your platform's equivalents.
🔗 References
- https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
- https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b
- https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a
- https://security-tracker.debian.org/tracker/CVE-2025-62602