CVE-2025-62799

9.8 CRITICAL

📋 TL;DR

A heap buffer overflow in Fast DDS allows an unauthenticated attacker to crash a process (DoS), and potentially achieve remote code execution, by sending a single malformed RTPS DATA_FRAG packet. Every system that uses a vulnerable Fast DDS version for DDS communication is affected. The flaw stems from improper handling of fragment metadata during 4-byte alignment.

💻 Affected Systems

Products:
  • Fast DDS (formerly Fast RTPS)
Versions: All versions before 3.4.1, 3.3.1, and 2.6.11
Operating Systems: All operating systems where Fast DDS is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using Fast DDS for DDS communication is vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case: Denial of service through application crashes, disrupting DDS-based communication systems.

🟢 If Mitigated: Limited impact if network segmentation prevents external access to DDS endpoints.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation via single packet makes internet-exposed systems extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires network access to DDS endpoints.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Single malformed packet triggers the vulnerability.

The vulnerability requires sending a specially crafted RTPS DATA_FRAG packet to a vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.1, 3.3.1, or 2.6.11

Vendor Advisory: https://github.com/eProsima/Fast-DDS/security/advisories

Restart Required: Yes

Instructions:

1. Identify the current Fast DDS version.
2. Upgrade to a patched version (3.4.1, 3.3.1, or 2.6.11).
3. Recompile applications that use Fast DDS.
4. Restart all services that use Fast DDS.

🔧 Temporary Workarounds

Network Segmentation (all platforms): Restrict access to DDS endpoints using firewalls to trusted sources only.

Disable DATA_FRAG Reception (all platforms): Configure Fast DDS to reject DATA_FRAG packets if they are not required for functionality.

🧯 If You Can't Patch

  • Implement strict network access controls to limit DDS traffic to trusted internal networks only.
  • Deploy intrusion detection systems to monitor for malformed RTPS packets and alert on exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check Fast DDS version against vulnerable ranges (<3.4.1, <3.3.1, <2.6.11).

Check Version:

Run 'fastdds --version' if the CLI is available; otherwise inspect the build configuration or the source/build files.

Verify Fix Applied:

Confirm the version is at or above the fixed release for its branch (3.4.1, 3.3.1, or 2.6.11), then test with valid RTPS traffic.
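As an added example (not code from the advisory or from the Fast DDS project), a small Python helper that classifies an inventory of version strings against the fixed releases above. It assumes the fix shipped only on the 2.6, 3.3 and 3.4 branches, so a version on another branch below 3.4.1 (e.g. 3.2.x) is reported as vulnerable and anything at or above 3.4.1 as fixed; the hostnames and versions in the sample are constructed.

```python
# Added example (not from the advisory or Fast DDS): classify version strings
# against the fixed releases 2.6.11, 3.3.1 and 3.4.1 named in this advisory.
# Assumption: only those three branches got a fix; a version on another branch
# below 3.4.1 (e.g. 3.2.x) has no fixed release and counts as vulnerable.
import re

# branch (MAJOR, MINOR) -> first fixed release on that branch (from the advisory)
FIXED = {(2, 6): (2, 6, 11), (3, 3): (3, 3, 1), (3, 4): (3, 4, 1)}
LATEST_FIX = max(FIXED.values())  # (3, 4, 1)

def parse_version(text):
    """Return (MAJOR, MINOR, PATCH) from e.g. 'Fast DDS 2.6.10' or 'v3.4.1-rc1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no MAJOR.MINOR.PATCH version in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_vulnerable(text):
    """True if the version predates the fix on its branch or has no fixed release."""
    version = parse_version(text)
    fix = FIXED.get(version[:2])
    if fix is not None:
        return version < fix          # same branch: compare with that branch's fix
    return version < LATEST_FIX       # unfixed branch (assumption, see header)

def triage(inventory):
    """Map {host: version string} to {host: 'vulnerable' | 'fixed' | 'unknown'}."""
    result = {}
    for host, text in inventory.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(text) else "fixed"
        except ValueError:
            result[host] = "unknown"  # could not parse; check the host manually
    return result

if __name__ == "__main__":
    # Constructed sample inventory (hosts and versions are made up).
    sample = {"robot-01": "Fast DDS 2.6.10", "gateway": "3.2.2",
              "bridge": "v3.4.1", "legacy": "version unknown"}
    for host, status in triage(sample).items():
        print(f"{host:10} {status}")
```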

📡 Detection & Monitoring

Log Indicators:

  • Application crashes, segmentation faults, or abnormal termination of Fast DDS processes

Network Indicators:

  • Malformed RTPS packets with crafted fragmentSize/sampleSize values

SIEM Query:

Process termination events for Fast DDS executables OR network alerts for RTPS protocol anomalies
