#VU125724 Improper Certificate Validation in Fast DDS - CVE-2025-24807


Published: February 11, 2025 / Updated: April 9, 2026


Vulnerability identifier: #VU125724
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-24807
CWE-ID: CWE-295
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Fast DDS
Software vendor:
eProsima

Description

The vulnerability allows a local user to have governance or permissions documents accepted even though they are signed under an expired permissions certificate authority.

The vulnerability exists due to improper certificate validation in the access control plugin when it verifies S/MIME-signed governance or permissions documents. The validity period of the permissions certificate authority is not enforced, so a local user can supply governance or permissions documents signed under an expired permissions certificate authority and have them accepted as if the authority were still valid.

The chain to the permissions certificate authority is not fully validated, so the issue also affects deployments where the permissions certificate authority is not self-signed and the full certificate chain is provided.
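What "not fully validated" looks like in practice, as an added example that is not Fast DDS or eProsima code: the Go program below builds a self-signed permissions CA whose validity period has already ended, issues a still-valid signing certificate from it, signs a constructed permissions document, and runs two verifiers over the result. `VerifyLax` checks the document signature and the CA's signature on the signer certificate but never consults a validity period, which is the class of behaviour the advisory describes; `VerifyStrict` validates the whole chain to the permissions CA at the current time and rejects the expired authority. To stay within the standard library the S/MIME wrapper is replaced by a detached ECDSA signature over the document's SHA-256 digest; the certificates, keys, names and the XML are all constructed here and are not from any real deployment.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Constructed stand-in for a DDS Security permissions document (not a real one).
const permissionsXML = `<?xml version="1.0"?><dds><permissions><grant name="p1"/></permissions></dds>`

// SignedDoc stands in for the S/MIME envelope: body, detached ECDSA signature over SHA-256(body), signer cert (DER).
type SignedDoc struct{ Body, Signature, SignerDER []byte }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key and a certificate for tmpl signed by parentKey (nil parentKey: self-signed).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parentKey == nil {
		parentKey = key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// BuildScenario: a self-signed permissions CA whose validity ended a year before now,
// a still-valid signer certificate issued by it, and a document signed with that key.
func BuildScenario(now time.Time) (*x509.Certificate, SignedDoc) {
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Permissions CA (constructed, expired)"},
		NotBefore:             now.AddDate(-2, 0, 0),
		NotAfter:              now.AddDate(-1, 0, 0), // already expired at now
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	ca, caKey := issue(caTmpl, caTmpl, nil)
	signerTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "permissions signer (constructed)"},
		NotBefore:    now.AddDate(-2, 0, 0),
		NotAfter:     now.AddDate(1, 0, 0), // the leaf itself is still valid
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signer, signerKey := issue(signerTmpl, ca, caKey)
	digest := sha256.Sum256([]byte(permissionsXML))
	sig := must(ecdsa.SignASN1(rand.Reader, signerKey, digest[:]))
	return ca, SignedDoc{Body: []byte(permissionsXML), Signature: sig, SignerDER: signer.Raw}
}

func checkDocSignature(signer *x509.Certificate, doc SignedDoc) error {
	pub, ok := signer.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(doc.Body)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], doc.Signature) {
		return errors.New("document signature does not verify")
	}
	return nil
}

// VerifyLax mirrors the flaw: signatures are checked, validity periods never are, so an expired permissions CA passes.
func VerifyLax(ca *x509.Certificate, doc SignedDoc) error {
	signer, err := x509.ParseCertificate(doc.SignerDER)
	if err != nil {
		return err
	}
	if err := signer.CheckSignatureFrom(ca); err != nil {
		return err
	}
	return checkDocSignature(signer, doc)
}

// VerifyStrict validates the whole chain to the permissions CA as of now (validity periods,
// basic constraints, key usage) before trusting the document signature; an expired CA fails.
func VerifyStrict(ca *x509.Certificate, doc SignedDoc, now time.Time) error {
	signer, err := x509.ParseCertificate(doc.SignerDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := signer.Verify(opts); err != nil {
		return fmt.Errorf("chain validation failed: %w", err)
	}
	return checkDocSignature(signer, doc)
}
```

Calling `VerifyStrict` with a time inside the CA's validity window (as the accompanying check does) confirms that it is the expiry, and nothing else about the chain, that causes the rejection. Because `Verify` walks every certificate in the chain, the same time check applies when the permissions CA is an intermediate supplied with its own chain rather than a self-signed root.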


Remediation

Install security update from vendor's website.

External links