fkie_nvd - fkie_cve-2025-24807

fkie_cve-2025-24807

Vulnerability from fkie_nvd

Published

2025-02-11 16:15

Modified

2025-02-21 15:26

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access control plugin validates only the S/MIME signature which causes an expired PermissionsCA to be taken as valid. Even though this issue is responsible for allowing `governance/permissions` from an expired PermissionsCA and having the system crash when PermissionsCA is not self-signed and contains the full-chain, the impact is low. Versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0 contain a fix for the issue.

References

URL	Tags
security-advisories@github.com	https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/accesscontrol/Permissions.cpp#L390-L396	Product
security-advisories@github.com	https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/accesscontrol/Permissions.cpp#L412	Product
security-advisories@github.com	https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/authentication/PKIDH.cpp#L241	Product
security-advisories@github.com	https://github.com/eProsima/Fast-DDS/pull/5530	Patch
security-advisories@github.com	https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-w33g-jmm2-8983	Vendor Advisory
security-advisories@github.com	https://www.omg.org/spec/DDS-SECURITY/1.1/PDF	Related

Impacted products

Vendor	Product	Version
eprosima	fast_dds	*
eprosima	fast_dds	*
eprosima	fast_dds	*
eprosima	fast_dds	*
eprosima	fast_dds	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81D1A228-4A42-4D7A-82B9-2F122823B155",
              "versionEndExcluding": "2.6.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A20BB4-EE48-45BA-B4C2-4FC4A3092FB4",
              "versionEndExcluding": "2.10.7",
              "versionStartIncluding": "2.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F26EE7-AA12-4DC8-963A-C1D978371A87",
              "versionEndExcluding": "2.14.5",
              "versionStartIncluding": "2.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "489DF936-893F-48EB-B2F5-1DCA66DB1F43",
              "versionEndExcluding": "3.0.2",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "864A80F5-286F-45F2-9D08-0FF54F012497",
              "versionEndExcluding": "3.1.2",
              "versionStartIncluding": "3.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access control plugin validates only the S/MIME signature which causes an expired PermissionsCA to be taken as valid. Even though this issue is responsible for allowing `governance/permissions` from an expired PermissionsCA and having the system crash when PermissionsCA is not self-signed and contains the full-chain, the impact is low. Versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0 contain a fix for the issue."
    },
    {
      "lang": "es",
      "value": "eprosima Fast DDS es una implementaci\u00f3n en C++ del est\u00e1ndar DDS (Data Distribution Service) de OMG (Object Management Group). Antes de las versiones 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2 y 3.2.0, por dise\u00f1o, PermissionsCA no se valida en cadena completa ni se valida la fecha de vencimiento. El complemento de control de acceso valida solo la firma S/MIME, lo que hace que un PermissionsCA vencido se considere v\u00e1lido. Aunque este problema es responsable de permitir la `gobernanza/permisos` desde un PermissionsCA vencido y de que el sistema se bloquee cuando PermissionsCA no est\u00e1 autofirmado y contiene la cadena completa, el impacto es bajo. Las versiones 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2 y 3.2.0 contienen una soluci\u00f3n para el problema."
    }
  ],
  "id": "CVE-2025-24807",
  "lastModified": "2025-02-21T15:26:57.507",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 4.5,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-11T16:15:51.190",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/accesscontrol/Permissions.cpp#L390-L396"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/accesscontrol/Permissions.cpp#L412"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/eProsima/Fast-DDS/blob/2.6.9/src/cpp/security/authentication/PKIDH.cpp#L241"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/eProsima/Fast-DDS/pull/5530"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-w33g-jmm2-8983"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Related"
      ],
      "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

CVE-2025-24807 (GCVE-0-2025-24807)

Vulnerability from cvelistv5

Published

2025-02-11 15:31

Modified

2025-02-11 16:12

Severity ?

4.5 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

CWE

CWE-345 - Insufficient Verification of Data Authenticity