CVE-2025-63829 Overview
eProsima Fast-DDS v3.3 and earlier versions contain an infinite loop vulnerability caused by an integer overflow in the Time_t::fraction() function. Fast-DDS is a widely used C++ implementation of the Data Distribution Service (DDS) standard, commonly deployed in robotics, autonomous vehicles, and industrial IoT applications. This vulnerability allows remote attackers to cause a denial of service condition by triggering the integer overflow, leading to CPU exhaustion and system unavailability.
Critical Impact
Remote attackers can exploit this integer overflow to trigger an infinite loop, resulting in denial of service for DDS-based systems including robotics platforms and industrial control systems.
Affected Products
- eProsima Fast-DDS v3.3 and all prior versions
- Applications using the Fast-DDS library for DDS communication
- Robotics and IoT systems utilizing Fast-DDS middleware
Discovery Timeline
- 2025-11-18 - CVE-2025-63829 published to NVD
- 2025-12-31 - Last updated in NVD database
Technical Details for CVE-2025-63829
Vulnerability Analysis
This vulnerability combines two weakness types: CWE-190 (Integer Overflow or Wraparound) and CWE-835 (Loop with Unreachable Exit Condition). The flaw exists in the Time_t::fraction() function within the Fast-DDS core time handling module. When processing specially crafted time values, an integer overflow condition can occur that causes the function to enter an infinite loop, consuming CPU resources indefinitely.
The vulnerability is exploitable over the network without requiring authentication or user interaction. Successful exploitation results in complete availability impact, rendering the affected DDS participant unresponsive. While confidentiality and integrity are not directly affected, the denial of service impact is significant given Fast-DDS's use in safety-critical systems.
Root Cause
The root cause is improper handling of integer boundaries in the Time_t::fraction() function located in the Fast-DDS source code. When specific input values cause an integer overflow during time fraction calculations, the loop termination condition becomes unreachable, resulting in an infinite loop. The function lacks proper bounds checking to prevent the integer wraparound that triggers this condition.
Attack Vector
The attack can be executed remotely over the network. An attacker can send malformed DDS messages containing crafted timestamp values to a Fast-DDS participant. When the target system processes these values through the vulnerable Time_t::fraction() function, the integer overflow triggers an infinite loop. This attack requires no authentication and no user interaction, making it particularly dangerous for exposed DDS deployments.
The vulnerability mechanism involves crafted time values that cause the fraction calculation to overflow. When the overflow occurs, the loop counter or exit condition variable wraps around, preventing the loop from ever terminating. Technical details and proof-of-concept information are available in the GitHub Gist Code Snippet published by the researcher.
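To make the weakness class (CWE-190 feeding CWE-835) concrete, the following is an added example written for this advisory; it is not the Fast-DDS source and not the researcher's Gist. It models a nanosecond-to-fraction conversion of the kind the advisory attributes to Time_t::fraction(): a 32-bit "fraction of a second" is located by a search loop that increments until the round trip reproduces the nanosecond input. The loop shape, the constant names (FRACTIONS_PER_SEC, NANOSECONDS_PER_SEC) and the helper names (nano_to_frac, frac_to_nano, vulnerable_fraction_iterations, fraction_checked) are assumptions for illustration. The vulnerable pattern is given an iteration budget so the model terminates, and the hardened version shows the two defences a fix needs: validate the nanosec < 1e9 invariant before searching, and bound the search so no input can make the exit condition unreachable.

```cpp
#include <cstdint>
#include <iostream>

// Assumed constants for this illustration: 2^32 fraction units per second.
constexpr uint64_t FRACTIONS_PER_SEC   = 4294967296ULL;
constexpr uint64_t NANOSECONDS_PER_SEC = 1000000000ULL;

// 64-bit intermediate, truncated to 32 bits. For nanosec >= 1e9 the exact
// result no longer fits and the cast wraps (CWE-190): 1e9 ns maps to 0.
static uint32_t nano_to_frac(uint32_t nanosec)
{
    return static_cast<uint32_t>((nanosec * FRACTIONS_PER_SEC) / NANOSECONDS_PER_SEC);
}

// Inverse conversion. Its largest possible result is 999999999, so it can
// never reproduce a nanosec value of 1e9 or more.
static uint32_t frac_to_nano(uint32_t fraction)
{
    return static_cast<uint32_t>((fraction * NANOSECONDS_PER_SEC) / FRACTIONS_PER_SEC);
}

// Vulnerable pattern (assumed shape): the loop exits only when the round trip
// reproduces nanosec. For any nanosec >= 1e9 that is unreachable (CWE-835) and
// ++fraction wraps 0xffffffff -> 0 and keeps spinning. A budget is added here
// purely so the model returns; it reports iterations used, or -1 if the
// budget ran out (i.e. the real loop would never have terminated).
static long long vulnerable_fraction_iterations(uint32_t nanosec, uint64_t budget, uint32_t& out)
{
    uint32_t fraction = nano_to_frac(nanosec);
    long long iters = 0;
    if (fraction != 0xffffffffu)
    {
        uint32_t nano_check = frac_to_nano(fraction);
        while (nano_check != nanosec)
        {
            if (static_cast<uint64_t>(iters) >= budget) return -1;
            nano_check = frac_to_nano(++fraction);
            ++iters;
        }
    }
    out = fraction;
    return iters;
}

// Hardened version: reject un-normalized input up front and bound the search.
// For nanosec < 1e9, floor(nanosec * 2^32 / 1e9) round-trips to at most one
// unit below nanosec and one increment always lands on it, so a cap of 4 is
// generous; it exists so that no future input class can spin the loop.
static bool fraction_checked(uint32_t nanosec, uint32_t& out)
{
    if (nanosec >= NANOSECONDS_PER_SEC) return false;   // invariant violated: refuse
    uint32_t fraction = nano_to_frac(nanosec);
    for (int step = 0; step < 4; ++step)
    {
        if (frac_to_nano(fraction) == nanosec) { out = fraction; return true; }
        if (fraction == 0xffffffffu) break;              // never wrap around
        ++fraction;
    }
    return false;
}

int main()
{
    // Constructed inputs: a normal value, and two un-normalized values of the
    // kind a malformed timestamp field could carry.
    const uint32_t inputs[] = { 1u, 500000000u, 1000000000u, 0xffffffffu };
    for (uint32_t ns : inputs)
    {
        uint32_t f = 0;
        long long it = vulnerable_fraction_iterations(ns, 100000, f);
        std::cout << "nanosec=" << ns << " vulnerable loop: "
                  << (it < 0 ? "budget exhausted (would spin forever)"
                             : "converged after " + std::to_string(it) + " step(s)");
        uint32_t g = 0;
        std::cout << " | checked: " << (fraction_checked(ns, g) ? "ok" : "rejected") << '\n';
    }
    return 0;
}
```

Running the model shows the asymmetry a detection engineer cares about: valid inputs converge in zero or one step, while an input of exactly 1e9 ns (one full second, not normalized into the seconds field) wraps to fraction 0 and would spin indefinitely, which is the sustained-100%-CPU signature listed under Indicators of Compromise.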
Detection Methods for CVE-2025-63829
Indicators of Compromise
- Abnormal CPU utilization (100% sustained) on processes running Fast-DDS applications
- DDS participants becoming unresponsive to discovery or data exchange
- System logs showing hung threads in time-related function calls
- Network traffic containing malformed DDS RTPS messages with unusual timestamp values
Detection Strategies
- Monitor CPU utilization for Fast-DDS processes and alert on sustained high usage patterns
- Implement network-level inspection for DDS/RTPS traffic with anomalous timestamp fields
- Deploy application performance monitoring to detect hung threads in DDS middleware
- Use process watchdogs to identify and restart frozen Fast-DDS applications
Monitoring Recommendations
- Enable detailed logging for DDS participant communication and time synchronization events
- Configure resource monitors to track thread states and CPU consumption per process
- Implement automated health checks for DDS discovery and data exchange functionality
- Set up alerting for sudden increases in DDS message processing latency
How to Mitigate CVE-2025-63829
Immediate Actions Required
- Audit all deployments using eProsima Fast-DDS versions 3.3 and earlier
- Restrict network access to DDS participants using firewalls or network segmentation
- Implement process-level resource limits to contain potential denial of service impact
- Monitor for vendor security updates addressing this vulnerability
Patch Information
As of the last update on 2025-12-31, organizations should monitor the eProsima Fast-DDS GitHub repository for official patches addressing this integer overflow vulnerability. Review the vulnerability details Gist for technical information that may assist in developing interim mitigations.
Workarounds
- Deploy DDS systems behind network firewalls limiting access to trusted sources only
- Implement application-level timeouts and watchdog mechanisms to restart frozen processes
- Use containerization with CPU limits to prevent single participant DoS from affecting entire systems
- Consider deploying multiple redundant DDS participants to maintain availability during attacks
# Example: Apply CPU resource limits for Fast-DDS processes using cgroups
# (libcgroup tools on a cgroup v1 host; on a cgroup v2 host the equivalent
# knob is the single cpu.max file, written as "50000 100000"). The quota
# contains a spinning participant so it cannot starve the rest of the host;
# it does not stop that participant from hanging, so pair it with a watchdog.
# Create a cgroup with CPU limits
sudo cgcreate -g cpu:/fastdds_limited
# Set CPU quota (50% of one CPU core: 50000 us of every 100000 us period)
sudo cgset -r cpu.cfs_quota_us=50000 fastdds_limited
sudo cgset -r cpu.cfs_period_us=100000 fastdds_limited
# Run Fast-DDS application within the cgroup
sudo cgexec -g cpu:fastdds_limited ./fastdds_application
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


