CVE-2025-67111 identifies an integer overflow vulnerability within the Real-Time Publish-Subscribe (RTPS) protocol implementation of OpenDDS, an open-source Data Distribution Service (DDS) middleware widely used for real-time data exchange in distributed systems. The vulnerability exists in versions prior to 3.33.0 and is triggered when an attacker sends a crafted RTPS message that causes an integer overflow during message processing. This overflow can lead to memory corruption or resource exhaustion, ultimately causing a Denial of Service (DoS) condition by crashing the affected service or rendering it unresponsive. The RTPS protocol is fundamental to OpenDDS operation, facilitating real-time data dissemination in environments such as industrial control systems, defense communications, autonomous vehicles, and other critical infrastructure sectors. Exploitation does not require prior authentication but does require the attacker to have network access to send malicious RTPS packets to the target. No public exploits or active exploitation campaigns have been reported to date. The lack of a CVSS score suggests the vulnerability is newly disclosed, but the impact on availability and ease of triggering a DoS condition is significant. The fix is included in OpenDDS version 3.33.0, which addresses the integer overflow by implementing proper bounds checking and input validation. Organizations using OpenDDS in production environments should prioritize patching to prevent potential disruptions.

For European organizations, the primary impact of CVE-2025-67111 is the risk of Denial of Service attacks against systems relying on OpenDDS for real-time data distribution. This can disrupt critical operations in sectors such as manufacturing automation, energy grid management, transportation systems, and defense communications, where OpenDDS is often deployed. Service outages could lead to operational downtime, safety risks, and financial losses. Additionally, disruption in real-time data flows may impair decision-making processes and automated control systems. Since the vulnerability can be exploited remotely without authentication, attackers with network access could cause widespread disruption. The absence of known exploits reduces immediate risk, but the potential impact on availability in critical infrastructure environments makes this a serious concern for European entities dependent on OpenDDS middleware.

1. Upgrade all OpenDDS deployments to version 3.33.0 or later, where the integer overflow vulnerability is patched. 2. Implement network segmentation and strict access controls to limit exposure of RTPS protocol traffic only to trusted devices and networks. 3. Deploy intrusion detection/prevention systems (IDS/IPS) capable of monitoring and filtering RTPS traffic to detect and block malformed or suspicious messages. 4. Conduct regular security audits and vulnerability assessments on systems using OpenDDS to ensure timely patching and configuration hardening. 5. Establish monitoring and alerting for unusual RTPS message patterns or service disruptions indicative of exploitation attempts. 6. Collaborate with vendors and open-source communities to stay informed about updates and security advisories related to OpenDDS and RTPS protocol implementations.