Vulnerability Description
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Cyclone Data Distribution Service | < 0.10.5 |
Related Weaknesses (CWE)
References
- http://eclipse.com (Product)
- https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6 (Third Party Advisory)
- https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/ (Product)
- https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builti (Product)
FAQ
What is CVE-2025-67109?
CVE-2025-67109 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
How severe is CVE-2025-67109?
CVE-2025-67109 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-67109?
Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Cyclone Data Distribution Service.