CVE-2025-62600 is a security vulnerability identified in the eProsima Fast-DDS library, a C++ implementation of the Object Management Group's Data Distribution Service (DDS) standard. The flaw exists in versions prior to 3.4.1, 3.3.1, and 2.6.11 when the security mode is enabled. Specifically, the vulnerability arises from improper handling of the DATA Submessage within an SPDP (Simple Participant Discovery Protocol) packet sent by a publisher. An attacker can tamper with the length field in the readBinaryPropertySeq function, particularly within the PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN fields. This manipulation causes an integer overflow (CWE-190) during a resize operation on a buffer, which leads to an out-of-memory (OOM) condition. The OOM results in the remote termination of the Fast-DDS process, effectively causing a denial of service. The vulnerability does not require authentication or user interaction, and the attack vector is network-based (AV:N). The CVSS 4.0 score is 1.7, reflecting a low severity primarily due to limited impact scope and lack of privilege escalation or confidentiality breach. No known exploits have been reported in the wild. The issue is addressed by patches in Fast-DDS versions 3.4.1, 3.3.1, and 2.6.11, which properly validate and handle the length fields to prevent integer overflow and subsequent OOM conditions.

For European organizations, the primary impact of CVE-2025-62600 is denial of service (DoS) through remote termination of Fast-DDS processes. Fast-DDS is commonly used in distributed real-time systems, including industrial automation, automotive communications, robotics, and defense applications. An attacker exploiting this vulnerability could disrupt critical communications and data distribution services, potentially halting operations or causing system instability. While the vulnerability does not allow for code execution or data compromise, the loss of availability in time-sensitive or safety-critical environments could have significant operational and safety consequences. Organizations relying on Fast-DDS for real-time data exchange in manufacturing plants, autonomous vehicle systems, or defense networks in Europe could face interruptions or degraded service. The low CVSS score reflects limited impact on confidentiality and integrity but does not diminish the operational risks in critical infrastructure contexts.

To mitigate CVE-2025-62600, European organizations should immediately upgrade all Fast-DDS deployments to versions 3.4.1, 3.3.1, or 2.6.11 or later, where the vulnerability is patched. Network-level filtering should be implemented to monitor and block malformed SPDP packets that attempt to manipulate the DATA Submessage fields, especially those containing PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN. Employ deep packet inspection tools capable of understanding DDS protocol specifics to detect anomalous length fields indicative of an attack. Additionally, implement strict network segmentation to isolate Fast-DDS communication channels from untrusted networks and limit exposure to potential attackers. Regularly audit and monitor Fast-DDS logs for unexpected process terminations or memory allocation errors that may signal exploitation attempts. Incorporate Fast-DDS process watchdogs or automatic restart mechanisms to minimize downtime in case of crashes. Finally, engage with eProsima support and subscribe to security advisories to stay informed about future patches or related vulnerabilities.