Security Vulnerability Report
CVE-2025-67108 CVSS 10.0 CRITICAL

Published: 2025-12-23 16:16:23
Last Modified: 2026-01-02 17:49:08

Description

eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.

The record classifies the weakness as CWE-298 (Improper Validation of Certificate Expiration) and CWE-370 (Missing Check for Certificate Revocation after Initial Check). "Ticket revocation" is not DDS Security vocabulary; read together with the CWE mapping, the issue is revocation checking of X.509 identity certificates, which in the DDS Security model is done against the identity CA's CRL.

CVSS Details

CVSS Score
10.0
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:eprosima:fast_dds:3.3.0:*:*:*:*:*:*:* - VULNERABLE
eProsima Fast-DDS v3.3

The CPE match covers 3.3.0 only. The record lists no fixed version and no vendor advisory, so treat other versions as unassessed rather than as unaffected.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
It is a sketch, not a compilable exploit: the Certificate type and the three helper functions are placeholders that are not part of the Fast-DDS API, and the only concrete detail the record supplies is the Permissions.cpp location in the references. The original listing was labelled Python; it is C++.
cpp
// CVE-2025-67108 PoC sketch - Fast-DDS revocation-check bypass
// Illustrates the improper revocation validation described in the record.
#include <cstdio>
#include <string>
#include <fastdds/dds/domain/DomainParticipant.hpp>
#include <fastdds/dds/publisher/Publisher.hpp>
#include <fastdds/dds/topic/Topic.hpp>

using namespace eprosima::fastdds::dds;

// Placeholders, not Fast-DDS API: the caller must supply them.
struct Certificate { std::string pem; };                             // a PEM-encoded X.509 identity certificate
Certificate loadRevokedCertificate();                                // an identity certificate listed on the CA's CRL
bool validateCertificateAgainstCRL(const Certificate& cert);         // true if the CRL check accepts it
bool establishConnectionWithRevokedCert(DomainParticipant* participant,
                                        const Certificate& cert);    // complete the secured handshake with it

// Simulate exploiting the revocation-check bypass
bool exploitRevocationBypass(DomainParticipant* participant)
{
    // Step 1: present a certificate that the CA has already revoked
    Certificate revoked_cert = loadRevokedCertificate();

    // Step 2: a correct CRL check rejects the certificate here.
    // The record claims v3.3 accepts it instead.
    if (!validateCertificateAgainstCRL(revoked_cert))
    {
        printf("Revoked certificate rejected: not vulnerable\n");
        return false;
    }
    printf("Certificate validation bypassed: revoked certificate accepted\n");

    // Step 3: the handshake completes and an "authenticated" connection is established
    return establishConnectionWithRevokedCert(participant, revoked_cert);
}

// Code location cited in the record's references (a master-branch line anchor,
// which drifts as the file changes; pin to a commit when reproducing):
// src/cpp/security/accesscontrol/Permissions.cpp#L263
// The listing describes the missing check as: if (isCertificateRevoked(cert)) return false;
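What the sketch above hand-waves as "validate against the CRL" can be exercised end to end with the openssl CLI, independently of Fast-DDS. The script below is an added example and is not part of the NVD record, the referenced gist or the Fast-DDS project. It builds a throwaway identity CA, issues a participant certificate, revokes it, publishes a CRL, and then verifies the certificate twice: once the way a relying party that never consults the CRL does it (chain and validity period only) and once with revocation checking enabled. The CA configuration, subject names and file names are constructed for the demo; it assumes the `openssl` binary (1.1 or 3.x) is on PATH.

```shell
#!/bin/sh
# Added example: CRL check demonstrated with the openssl CLI.
# Everything (CA, participant cert, CRL) is generated in a temp dir.

make_demo_pki() {
    work=$(mktemp -d)
    cd "$work" || return 1

    # Minimal config for 'openssl ca'; needed only to keep the revocation
    # database and to sign the CRL. Constructed for this demo.
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir              = .
database         = index.txt
new_certs_dir    = .
certificate      = ca.crt
private_key      = ca.key
serial           = serial
crlnumber        = crlnumber
default_md       = sha256
default_crl_days = 30
policy           = demo_policy
[ demo_policy ]
commonName = supplied
EOF
    : > index.txt
    echo 1000 > serial
    echo 01 > crlnumber

    # Identity CA (plays the role of the DDS identity CA)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -keyout ca.key -out ca.crt -subj "/CN=Demo Identity CA" >/dev/null 2>&1

    # Participant identity certificate signed by that CA
    openssl req -newkey rsa:2048 -nodes -keyout node.key -out node.csr \
        -subj "/CN=dds-participant" >/dev/null 2>&1
    openssl x509 -req -in node.csr -CA ca.crt -CAkey ca.key -CAserial serial \
        -sha256 -days 30 -out node.crt >/dev/null 2>&1

    # Revoke it and publish a CRL. 'openssl ca -revoke' adds the serial to
    # index.txt even though the cert was not issued through 'openssl ca'.
    openssl ca -config ca.cnf -revoke node.crt >/dev/null 2>&1
    openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1

    echo "$work"
}

# Relying party that never looks at the CRL: chain + validity period only.
# This is the behaviour CWE-370 describes; the revoked cert is accepted.
verify_without_crl() {
    out=$(openssl verify -CAfile "$1/ca.crt" "$1/node.crt" 2>&1) || true
    case "$out" in *": OK"*) echo accepted ;; *) echo rejected ;; esac
}

# Same chain, but the leaf is checked against the CA's CRL.
# -crl_check covers the leaf only; -crl_check_all would cover every CA in the chain.
verify_with_crl() {
    out=$(openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" \
        "$1/node.crt" 2>&1) || true
    case "$out" in *": OK"*) echo accepted ;; *) echo rejected ;; esac
}

if [ "${1:-}" = "run" ]; then
    demo=$(make_demo_pki)
    echo "without CRL check: $(verify_without_crl "$demo")"
    echo "with CRL check:    $(verify_with_crl "$demo")"
fi
```

Run it as `sh crl_demo.sh run`. The two verdicts differ only in whether the CRL is consulted, which is exactly the gap the record describes: a certificate can chain correctly and be within its validity period while still being revoked. In Fast DDS the CRL is supplied to the PKI-DH authentication plugin through its optional `identity_crl` property (`dds.sec.auth.builtin.PKI-DH.identity_crl`); check the documentation for your version, and keep in mind that the record gives no fixed version, so configuring a CRL alone is not evidence the check is enforced in 3.3.0.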

References

http://eprosima.com (Product)
http://fast-dds.com (Broken Link, Not Applicable)
https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913 (Third Party Advisory)
https://github.com/eProsima/Fast-DDS/blob/master/src/cpp/security/accesscontrol/Permissions.cpp#L263 (Product)

The only advisory in the record is a third-party gist; there is no vendor advisory, no fix commit and no issue tracker entry. The GitHub reference points at a line on the master branch, not at a tagged release or a fix, so the line number is not stable.
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-67108", "sourceIdentifier": "[email protected]", "published": "2025-12-23T16:16:22.897", "lastModified": "2026-01-02T17:49:07.777", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.8}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-298"}, {"lang": "en", "value": "CWE-370"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:eprosima:fast_dds:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D268586-02B3-4D07-939A-8FD3F36E2852"}]}]}], "references": [{"url": "http://eprosima.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "http://fast-dds.com", "source": "[email protected]", "tags": ["Broken Link", "Not Applicable"]}, {"url": "https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/eProsima/Fast-DDS/blob/master/src/cpp/security/accesscontrol/Permissions.cpp#L263", "source": "[email protected]", "tags": ["Product"]}]}}