
CVE-2025-24807: Medium Vulnerability in eprosima Fast DDS

CVE-2025-24807 affects eprosima Fast DDS due to inadequate validation of PermissionsCA. This medium-severity vulnerability could allow unauthorized access under specific conditions. Organizations should prioritize patching to mitigate potential risks.

MEDIUM · CVSS 4.5 · Published February 11, 2025


CVE-2025-24807 affects eprosima Fast DDS, a C++ implementation of the DDS (Data Distribution Service) standard. The vulnerability stems from insufficient validation of PermissionsCA, specifically that it does not perform full chain validation or expiration date checks. As a result, an expired PermissionsCA can be erroneously deemed valid, which may lead to unauthorized access under specific conditions.

The CVSS score for CVE-2025-24807 is 4.5, classifying it as medium severity. Although the impact is considered low due to the design of the system, the potential for unauthorized access to governance and permissions cannot be overlooked. Organizations using affected versions should act promptly.

The vulnerability is not currently associated with known exploits, but the implications of its existence necessitate immediate attention. Organizations should prioritize patching to prevent any potential unauthorized access or system crashes that could arise from this issue.

Versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0 of Fast DDS have been patched to address this vulnerability. Organizations running older versions must take immediate steps to update to mitigate risks effectively.

Vulnerability Details

The official description of this vulnerability indicates that Fast DDS does not validate the full chain of the PermissionsCA and does not check the expiration date. This design flaw allows access control to operate based solely on the S/MIME signature. An expired PermissionsCA could be accepted as valid, which poses a risk for unauthorized governance and permissions access.

The vulnerability is classified under CWE-345, which pertains to the inability to validate the full chain of trust in certificates. This oversight can lead to critical security issues within applications that utilize Fast DDS.

The CVSS score is 4.5, indicating medium severity, with a local attack vector and low complexity. Privileges required for an attack are low, and no user interaction is needed, enhancing the potential risk. The integrity and availability impacts are assessed as high, highlighting the critical nature of the vulnerability.

Technical Analysis

The root cause of CVE-2025-24807 lies in the insufficient validation mechanisms within the Fast DDS access control plugin. Specifically, the lack of full chain validation for the PermissionsCA means that if an expired certificate is presented, the system may accept it as valid without further verification.

The attack vector is local, meaning that an attacker must have local access to exploit this vulnerability. The attack complexity is low, requiring minimal effort to execute the exploit. Privileges required are low, allowing unprivileged users the potential to leverage the vulnerability. Importantly, the attack does not require user interaction.

The impacts on confidentiality are none; however, both integrity and availability impacts are high. This means that while sensitive data is not directly compromised, the potential for system crashes and unauthorized actions can significantly affect the application's operational integrity.

Risk & Impact Analysis

Organizations utilizing eprosima Fast DDS should be aware of the risks associated with this vulnerability. The failure to validate PermissionsCA properly may lead to unauthorized access control, potentially allowing attackers to execute actions that could disrupt services or compromise system stability.

Considering the CVSS score of 4.5 and the analysis surrounding its exploitation status, organizations must assess their current deployment of Fast DDS. The potential blast radius includes any application relying on the flawed access control mechanism, which could be significant in complex deployments.

Given the medium severity rating and the absence of known exploits, organizations should still prioritize remediation in their patch cycles. The presence of a vulnerability with high integrity and availability impact necessitates swift action to update to the patched versions.

Exploitation Status

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

eprosima Fast DDS versions affected by this vulnerability include all versions prior to the following patches: 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0. Users are advised to upgrade to these versions to mitigate risks.
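
The fixed releases sit on six separate release lines, so a plain string or single-threshold comparison misclassifies hosts. The following is an added example, not code from AppSecure or eProsima, that triages an inventory against the versions listed above. The host names and installed versions are constructed, and sending a release line with no listed fix to the next listed line above it is an assumption.

```python
# Added example: triage Fast DDS versions against the fixed releases this page lists.
FIXED = {(2, 6): 10, (2, 10): 7, (2, 14): 5, (3, 0): 2, (3, 1): 2, (3, 2): 0}
NEWEST_FIXED = max(line + (patch,) for line, patch in FIXED.items())  # (3, 2, 0)

# Constructed inventory for illustration; hosts and versions are made up.
INVENTORY = {
    "robot-ctrl-01": "2.6.9",
    "gateway-02": "2.10.7",
    "sim-node-03": "2.14.6",
    "edge-04": "3.0.1",
    "lab-05": "2.13.4",
    "ci-06": "3.2.0",
}


def parse(version):
    """Turn '2.10.6' or 'v3.0.1' into (2, 10, 6); reject anything else."""
    parts = version.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected MAJOR.MINOR.PATCH, got {version!r}")
    return tuple(int(p) for p in parts)


def triage(version):
    """Return (status, upgrade_target) for one installed Fast DDS version."""
    major, minor, patch = parse(version)
    line = (major, minor)
    if line in FIXED:
        # Compare numerically within the release line: 2.10.6 is older than 2.10.7,
        # and 2.14.6 is patched even though 3.0.1 is not.
        if patch >= FIXED[line]:
            return "patched", None
        return "affected", f"{major}.{minor}.{FIXED[line]}"
    if (major, minor, patch) > NEWEST_FIXED:
        return "patched", None
    # Assumption: a line with no listed fix moves to the next listed line above it.
    target = min(l for l in FIXED if l > line)
    return "affected", "{}.{}.{}".format(*target, FIXED[target])


def report(inventory):
    """Triage every host and return rows sorted by host name."""
    return [(host, ver, *triage(ver)) for host, ver in sorted(inventory.items())]


if __name__ == "__main__":
    for host, ver, status, target in report(INVENTORY):
        print(f"{host:15} {ver:8} {status:9} {target or '-'}")
```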

Mitigation & Remediation

To mitigate the risk associated with CVE-2025-24807, organizations should apply the patches available in versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0 of eprosima Fast DDS. If immediate patching is not feasible, organizations should consider implementing access control measures to restrict use of the affected versions.

Strong network controls should be in place to limit access to systems utilizing Fast DDS until the patches have been successfully applied. Monitoring for any unusual activity or errors related to PermissionsCA should also be established as a precautionary measure.

Penetration testing can help identify any remaining weaknesses within the implementation after patching.

Detection Guidance

Organizations should monitor logs for any indicators of misuse related to PermissionsCA. Key indicators may include unexpected errors or failures in the access control mechanisms. Behavioral anomalies such as unauthorized access attempts should also be flagged and investigated.

Network signatures that identify attempts to exploit this vulnerability should be established. Additionally, system changes that could indicate unauthorized use of the vulnerable components must be tracked.

AppSecure Threat Intelligence Insight

CVE-2025-24807 represents a critical reminder of the importance of thorough validation in security implementations. As organizations increasingly rely on components like eprosima Fast DDS for distributed applications, the need for robust access control mechanisms becomes paramount.

This vulnerability highlights a pattern of security oversights where validation processes are not sufficiently stringent. Security teams should prioritize the implementation of best practices in access control and validation to prevent similar vulnerabilities in the future.

Organizations should engage in continuous security assessments, including application security assessments and continuous penetration testing to proactively identify vulnerabilities before they can be exploited.

Ultimately, CVE-2025-24807 serves as a call to action for organizations to invest in comprehensive security measures and maintain vigilance in their security practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
