CVE-2025-64438

7.5 HIGH

📋 TL;DR

CVE-2025-64438 is a remotely triggerable denial-of-service vulnerability in Fast DDS that allows unauthenticated attackers to cause out-of-memory conditions by sending specially crafted RTPS GAP submessages. This affects all systems running vulnerable versions of Fast DDS with RELIABLE QoS enabled, potentially leading to service disruption and process termination.

💻 Affected Systems

Products:
  • Fast DDS (formerly Fast RTPS)
Versions: All versions before 3.4.1, 3.3.1, and 2.6.11 on their respective release lines
Operating Systems: All platforms running Fast DDS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects configurations using RELIABLE QoS. Best-effort QoS is not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption with process termination due to memory exhaustion, potentially affecting critical DDS-based systems in industrial, automotive, or aerospace applications.

🟠 Likely Case: Denial of service affecting DDS communication channels, causing data loss and system instability in affected applications.

🟢 If Mitigated: Limited impact with proper network segmentation and memory limits, though some performance degradation may occur.

🌐 Internet-Facing: HIGH - No authentication required and network reachability is sufficient for exploitation.
🏢 Internal Only: HIGH - Internal attackers or compromised systems can exploit this without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a specially crafted GAP packet with manipulated gap range values.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.1, 3.3.1, or 2.6.11

Vendor Advisory: https://github.com/eProsima/Fast-DDS/security/advisories

Restart Required: Yes

Instructions:

1. Identify the Fast DDS version currently installed.
2. Upgrade to a patched version (3.4.1, 3.3.1, or 2.6.11).
3. Recompile applications built against Fast DDS.
4. Restart affected services.

🔧 Temporary Workarounds

Disable RELIABLE QoS (all platforms)
  • Switch to BEST_EFFORT QoS, which is not vulnerable to this attack.
  • Modify the DDS QoS configuration to use BEST_EFFORT reliability. BEST_EFFORT drops the delivery guarantees that RELIABLE provides, so confirm the application tolerates lost samples before making this change.

Implement memory limits (all platforms)
  • Set RSS limits to prevent complete memory exhaustion.
  • ulimit -v [LIMIT_IN_KB] (Linux; this caps the virtual address space of processes started from that shell rather than RSS as such, so the DDS process must be launched after the limit is set)
  • Set-ProcessMitigation (Windows)

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate DDS traffic from untrusted networks
  • Deploy network monitoring to detect and block malicious GAP packets with abnormal gap ranges

🔍 How to Verify

Check if Vulnerable:

Check the Fast DDS version and verify whether RELIABLE QoS is enabled in the configuration.

Check Version:

Check the build configuration or query the package manager: dpkg -l | grep fastdds (Debian/Ubuntu) or rpm -qa | grep fastdds (RHEL/CentOS). Applications that bundle Fast DDS from source will not show up in the package manager and need to be checked against their build manifest.

Verify Fix Applied:

Confirm the installed version is 3.4.1, 3.3.1, or 2.6.11 or later on its release line, and test with simulated GAP packets.

📡 Detection & Monitoring

Log Indicators:

  • Rapid memory consumption spikes
  • Process termination due to OOM
  • Unusual GAP message patterns

Network Indicators:

  • GAP packets with abnormally large gap ranges
  • Sudden increase in DDS traffic to specific readers
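As an added example (not code from the advisory or the Fast DDS project), a small Python decoder for RTPS GAP submessages that flags the field patterns listed above: numBits beyond the 256 the RTPS spec allows for a SequenceNumberSet, a bitmapBase below gapStart, and a span between gapStart and bitmapBase above a threshold. The MAX_SPAN value, the entity ids and the two sample packets are constructed for this illustration; the advisory does not state which exact field values Fast DDS mishandles, so this is a triage filter for network monitoring, not a signature for the bug.

```python
import struct
from collections import namedtuple

GAP_ID = 0x08          # RTPS submessage kind for GAP
MAX_NUMBITS = 256      # SequenceNumberSet.numBits upper bound from the RTPS spec
MAX_SPAN = 100_000     # assumed site-specific threshold for bitmapBase - gapStart

Gap = namedtuple("Gap", "reader_id writer_id gap_start bitmap_base num_bits")

def parse_gap(buf: bytes) -> Gap:
    """Decode one RTPS GAP submessage; sequence numbers are (high << 32) | low."""
    if len(buf) < 4 or buf[0] != GAP_ID:
        raise ValueError("not a GAP submessage")
    e = "<" if buf[1] & 0x01 else ">"                 # E flag selects endianness
    octets = struct.unpack(e + "H", buf[2:4])[0]
    body = buf[4:4 + octets] if octets else buf[4:]   # 0 means "to end of packet"
    fixed = struct.Struct(e + "4s4siIiII")            # ids, gapStart, bitmapBase, numBits
    if len(body) < fixed.size:
        raise ValueError("truncated GAP body")
    rid, wid, sh, sl, bh, bl, nbits = fixed.unpack_from(body)
    if nbits <= MAX_NUMBITS and len(body) < fixed.size + 4 * ((nbits + 31) // 32):
        raise ValueError("bitmap shorter than numBits implies")
    return Gap(rid, wid, (sh << 32) | sl, (bh << 32) | bl, nbits)

def gap_anomalies(gap: Gap) -> list[str]:
    """Reasons a GAP is malformed or its range is abnormally large (empty = fine)."""
    reasons = []
    if gap.gap_start < 1 or gap.bitmap_base < 1:
        reasons.append("non-positive sequence number")
    if gap.num_bits > MAX_NUMBITS:
        reasons.append(f"numBits {gap.num_bits} exceeds spec limit {MAX_NUMBITS}")
    span = gap.bitmap_base - gap.gap_start
    if span < 0:
        reasons.append("bitmapBase below gapStart")
    elif span > MAX_SPAN:
        reasons.append(f"gap span {span} exceeds threshold {MAX_SPAN}")
    return reasons

def build_gap(gap_start: int, bitmap_base: int, num_bits: int) -> bytes:
    """Constructed test fixture: little-endian GAP with an all-zero bitmap."""
    body = struct.pack("<4s4siIiII", b"\0\0\0\x07", b"\0\0\0\x03",
                       gap_start >> 32, gap_start & 0xFFFFFFFF,
                       bitmap_base >> 32, bitmap_base & 0xFFFFFFFF, num_bits)
    body += b"\0" * (4 * ((min(num_bits, MAX_NUMBITS) + 31) // 32))
    return bytes([GAP_ID, 0x01]) + struct.pack("<H", len(body)) + body

NORMAL = build_gap(10, 12, 8)                 # writer skipped seq 10..11 plus a few bits
ABNORMAL = build_gap(10, 10 + 50_000_000, 8)  # span far beyond what a reader should track
```

Feed captured RTPS submessages into parse_gap and alert on a non-empty gap_anomalies result; tune MAX_SPAN to the largest gap a healthy writer in your deployment legitimately announces.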

SIEM Query:

source="fastdds.log" AND ("out of memory" OR "process terminated" OR "gap range")

🔗 References