CVE Catalog

CVE-2025-67109

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

In Eclipse Cyclone DDS before version 0.10.5, improper verification of the time certificate allows attackers to bypass certificate checks and execute commands with System privileges.

Risk Assessment

An attacker can remotely take control of the system with the highest privileges, leading to complete compromise of data confidentiality, integrity, and availability.

Recommendation

Immediately update Eclipse Cyclone DDS to version 0.10.5 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS