CVE-2025-62599: CWE-190 Integer Overflow or Wraparound in eProsima Fast-DDS
CVE-2025-62599 is an integer overflow vulnerability in eProsima Fast-DDS prior to versions 3.4.1, 3.3.1, and 2.6.11. When security mode is enabled, specially crafted SPDP packets with modified DATA Submessages can cause an integer overflow in the length field of certain tokens, leading to an out-of-memory (OOM) condition and remote termination of the Fast-DDS process. This vulnerability requires no authentication or user interaction and can be triggered remotely over the network. The CVSS 4.0 base score is 1.7.
AI Analysis
Technical Summary
CVE-2025-62599 identifies an integer overflow vulnerability in the eProsima Fast-DDS library, a C++ implementation of the OMG Data Distribution Service standard used for real-time distributed systems communication. The flaw exists in versions prior to 3.4.1, 3.3.1, and 2.6.11 when the security mode is enabled. Specifically, an attacker can craft a malicious SPDP (Simple Participant Discovery Protocol) packet containing a DATA Submessage with tampered PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN fields. By manipulating the length field within the readPropertySeq sequence, an integer overflow occurs during a resize operation, causing the system to allocate an incorrect amount of memory. This leads to an out-of-memory condition that crashes the Fast-DDS process remotely, resulting in a denial-of-service (DoS). The vulnerability does not require authentication or user interaction and can be exploited over the network, but the impact is limited to process termination without further code execution or data compromise. The vulnerability is tracked under CWE-190 (Integer Overflow or Wraparound) and CWE-125 (Out-of-bounds Read). Although no exploits are known in the wild, the issue is addressed in the patched versions 3.4.1, 3.3.1, and 2.6.11. The CVSS 4.0 base score of 1.7 reflects the low severity due to limited impact and exploitation complexity.
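The bounds check that the overflow described above is missing, as an added C++ illustration that is not Fast-DDS's own readPropertySeq code: a simplified, hypothetical property-sequence layout (a uint32 entry count, then length-prefixed name/value strings) is parsed with every declared count and length bounded by the bytes actually remaining in the datagram before any resize or allocation, so a forged length field is rejected instead of driving an oversized allocation.

```cpp
#include <cstdint>
#include <cstddef>
#include <optional>
#include <string>
#include <vector>

// Simplified, hypothetical layout (not Fast-DDS's real CDR encoding): a uint32
// entry count, then per entry a length-prefixed name and a length-prefixed value.
struct Property { std::string name; std::string value; };

static bool read_u32(const std::vector<uint8_t>& b, size_t& pos, uint32_t& out) {
    if (b.size() - pos < 4) return false;          // pos never exceeds b.size()
    out = uint32_t(b[pos]) | uint32_t(b[pos + 1]) << 8 |
          uint32_t(b[pos + 2]) << 16 | uint32_t(b[pos + 3]) << 24;
    pos += 4;
    return true;
}

static bool read_string(const std::vector<uint8_t>& b, size_t& pos, std::string& out) {
    uint32_t len;
    if (!read_u32(b, pos, len)) return false;
    if (len > b.size() - pos) return false;        // forged length exceeds the datagram
    out.assign(reinterpret_cast<const char*>(b.data() + pos), len);
    pos += len;
    return true;
}

// Parses the sequence or returns nullopt. The declared count is bounded by the bytes
// that remain (each entry needs at least 8 bytes of length fields) before any resize,
// so an attacker-chosen count can never turn into an attacker-sized allocation.
std::optional<std::vector<Property>> read_property_seq_checked(const std::vector<uint8_t>& b) {
    size_t pos = 0;
    uint32_t count;
    if (!read_u32(b, pos, count)) return std::nullopt;
    if (count > (b.size() - pos) / 8) return std::nullopt;  // rejects overflow-sized counts
    std::vector<Property> props;
    props.reserve(count);                          // count is now provably small
    for (uint32_t i = 0; i < count; ++i) {
        Property p;
        if (!read_string(b, pos, p.name) || !read_string(b, pos, p.value)) return std::nullopt;
        props.push_back(std::move(p));
    }
    return props;
}

// Constructed sample inputs: one well-formed entry, and one whose count field is forged.
static void put_u32(std::vector<uint8_t>& b, uint32_t v) { for (int i = 0; i < 4; ++i) b.push_back(uint8_t(v >> (8 * i))); }
static void put_str(std::vector<uint8_t>& b, const std::string& s) { put_u32(b, uint32_t(s.size())); b.insert(b.end(), s.begin(), s.end()); }
std::vector<uint8_t> sample_valid() { std::vector<uint8_t> b; put_u32(b, 1); put_str(b, "name"); put_str(b, "value"); return b; }
std::vector<uint8_t> sample_forged() { std::vector<uint8_t> b; put_u32(b, 0xFFFFFFFFu); put_str(b, "x"); return b; }
```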
Potential Impact
For European organizations, the primary impact of CVE-2025-62599 is a potential denial-of-service condition in systems using vulnerable versions of Fast-DDS with security mode enabled. This can disrupt real-time communication in distributed applications such as industrial automation, automotive systems, robotics, and critical infrastructure monitoring, where Fast-DDS is commonly deployed. The out-of-memory crash can cause service interruptions, potentially leading to operational downtime and safety risks in time-sensitive environments. Although no data confidentiality or integrity loss is indicated, availability degradation can have significant consequences in sectors relying on continuous and reliable data distribution. The low CVSS score suggests limited risk for widespread exploitation, but targeted attacks against critical systems could still cause localized disruption. European industries with extensive use of DDS-based middleware, especially in Germany, France, Italy, and the Nordic countries, may face higher exposure due to their advanced manufacturing and automotive sectors.
Mitigation Recommendations
1. Upgrade all Fast-DDS deployments to the patched versions 3.4.1, 3.3.1, or 2.6.11 as soon as possible to eliminate the integer overflow vulnerability.
2. Implement network segmentation and firewall rules to restrict DDS traffic only to trusted sources and prevent unauthorized external access to DDS participants.
3. Monitor network traffic for anomalous SPDP packets or unusual DDS message patterns that could indicate exploitation attempts.
4. Employ runtime protections such as memory usage monitoring and process watchdogs to detect and recover from unexpected Fast-DDS crashes.
5. Conduct security reviews and testing of DDS configurations, especially when enabling security mode, to ensure no malformed packets can be processed.
6. Collaborate with vendors and system integrators to verify that all DDS components in the supply chain are updated and securely configured.
7. Consider deploying intrusion detection systems capable of parsing DDS protocols to alert on suspicious activity.
These steps go beyond generic advice by focusing on both patching and operational controls tailored to DDS environments.
Affected Countries
Germany, France, Italy, Sweden, Finland, Netherlands, Belgium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-16T19:24:37.267Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6982fcd3f9fa50a62f7662ec
Added to database: 2/4/2026, 8:01:23 AM
Last enriched: 2/11/2026, 11:51:00 AM
Last updated: 3/23/2026, 11:02:08 PM