CVE-2025-64098
📋 TL;DR
This vulnerability in Fast DDS allows remote attackers to cause a denial of service by triggering an out-of-memory condition through specially crafted SPDP packets. When security mode is enabled, tampering with token fields in DATA Submessages leads to integer overflow and process termination. Systems using vulnerable versions of Fast DDS with security enabled are affected.
💻 Affected Systems
- Fast DDS (formerly Fast RTPS)
📦 What is this software?
Fast Dds by Eprosima
Fast Dds by Eprosima
Fast Dds by Eprosima
⚠️ Risk & Real-World Impact
Worst Case
Remote attackers can crash Fast-DDS processes, causing complete denial of service for DDS-based applications and potentially disrupting critical real-time systems.
Likely Case
Denial of service attacks against Fast-DDS deployments, disrupting data distribution in industrial, automotive, or IoT systems.
If Mitigated
Limited impact if security mode is disabled or systems are isolated from untrusted networks.
🎯 Exploit Status
Exploitation requires network access to Fast-DDS endpoints and security mode enabled. The vulnerability is in the parsing of SPDP packets.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.4.1, 3.3.1, or 2.6.11
Vendor Advisory: https://github.com/eProsima/Fast-DDS/security/advisories
Restart Required: Yes
Instructions:
1. Identify Fast DDS version. 2. Upgrade to patched version: 3.4.1, 3.3.1, or 2.6.11. 3. Recompile applications using Fast DDS. 4. Restart affected services.
🔧 Temporary Workarounds
Disable Security Mode
allDisable Fast-DDS security mode if not required, as vulnerability only affects security-enabled configurations.
Set Fast-DDS configuration to disable security features
Network Segmentation
linuxRestrict network access to Fast-DDS endpoints using firewalls or network policies.
iptables -A INPUT -p udp --dport 7400-7500 -j DROP
Configure firewall to block untrusted access to DDS ports
🧯 If You Can't Patch
- Disable Fast-DDS security mode if not essential for your use case
- Implement strict network controls to limit access to Fast-DDS endpoints from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check Fast DDS version and verify security mode is enabled. Vulnerable if version < 3.4.1, 3.3.1, or 2.6.11 AND security enabled.Check Version:
Check application documentation or build configuration for Fast DDS version. For compiled applications, may require checking build logs or package manifests.Verify Fix Applied:
Verify Fast DDS version is 3.4.1, 3.3.1, or 2.6.11 or higher. Test with security mode enabled to ensure no crashes from malformed packets.📡 Detection & Monitoring
Log Indicators:
- Fast-DDS process crashes or termination
- Out of memory errors in system logs
- Abnormal termination of DDS applications
Network Indicators:
- Unusual SPDP packet patterns
- Malformed DDS packets to port 7400-7500 range
- Rapid sequence of similar packets to DDS endpoints
SIEM Query:
source="fastdds.log" AND ("out of memory" OR "segmentation fault" OR "terminated unexpectedly")🔗 References
- https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
- https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203c17747d2b
- https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878128ad421a
- https://security-tracker.debian.org/tracker/CVE-2025-64098
