CVE-2025-10450 is a vulnerability classified under CWE-359, indicating exposure of private personal information to unauthorized actors due to insufficient protection of sensitive data during network transmission in RTI Connext Professional Core Libraries. The affected versions include 7.2.0 up to but not including 7.3.1, and 7.4.0 up to but not including 7.*. The vulnerability enables attackers to sniff network traffic without requiring authentication or user interaction, exploiting a network attack vector with low attack complexity. The vulnerability impacts confidentiality heavily, with limited impact on integrity and availability. RTI Connext Professional is widely used in real-time distributed systems, including industrial automation, automotive, aerospace, and defense sectors, where secure and reliable data exchange is critical. The flaw likely stems from lack of adequate encryption or improper handling of sensitive data in transit, allowing attackers positioned on the network path to intercept and access private personal information. Although no exploits are known in the wild yet, the vulnerability’s characteristics and CVSS 8.3 score indicate a high risk of exploitation. The absence of patches at the time of disclosure necessitates immediate mitigation through network controls and monitoring. This vulnerability underscores the importance of securing middleware communication layers in critical infrastructure and embedded systems.

For European organizations, the exposure of private personal information through this vulnerability can lead to significant data breaches, regulatory non-compliance (e.g., GDPR), and loss of trust. Industries relying on RTI Connext Professional for real-time data exchange, such as automotive manufacturing, aerospace, defense, and industrial automation, face risks of intellectual property theft, operational disruption, and espionage. The ability to sniff network traffic without authentication means attackers can operate remotely if they gain network access, increasing the attack surface. Confidentiality breaches can result in fines, legal consequences, and damage to brand reputation. Additionally, compromised data integrity or availability, though limited, could disrupt critical real-time systems, impacting safety and operational continuity. European critical infrastructure operators using RTI products must consider this vulnerability a high priority to avoid cascading effects on national security and economic stability.

1. Apply vendor patches immediately once released to address the vulnerability in affected RTI Connext Professional versions. 2. Until patches are available, enforce strong network encryption protocols (e.g., TLS 1.3) on all RTI Connext communication channels to protect data in transit. 3. Implement strict network segmentation and access controls to limit exposure of RTI systems to untrusted networks or actors. 4. Deploy intrusion detection and prevention systems (IDS/IPS) to monitor for unusual network traffic patterns indicative of sniffing or interception attempts. 5. Conduct regular security audits and penetration testing focused on middleware communication layers. 6. Educate network and security teams about the vulnerability specifics to enhance incident response readiness. 7. Consider using VPNs or dedicated secure communication tunnels for RTI Connext traffic in sensitive environments. 8. Maintain up-to-date asset inventories to quickly identify and remediate affected systems. These targeted actions go beyond generic advice by focusing on securing the middleware communication and network environment specific to RTI Connext Professional deployments.