A critical vulnerability has been discovered in eProsima Fast-DDS, a component used in multiple eProsima products. This flaw allows an attacker to use revoked security credentials to establish unauthorized connections, completely bypassing security measures. Successful exploitation could lead to data theft, system compromise, and disruption of critical operations that rely on the affected software.

The vulnerability exists due to an improper validation process for security ticket revocation within the DDS Security plugins. When a security ticket or credential is revoked, the system fails to correctly check its status, treating it as if it were still valid. An attacker in possession of a previously valid but now revoked ticket can present it to an affected system to successfully authenticate and establish an insecure communication channel, gaining unauthorized access to the DDS domain.

This vulnerability is rated as critical severity with a CVSS score of 10, indicating the highest possible risk. Exploitation could lead to a complete compromise of confidentiality, integrity, and availability for systems relying on the eProsima middleware. Potential consequences include unauthorized access to sensitive data streams, man-in-the-middle attacks to intercept or manipulate real-time data, and denial-of-service against critical infrastructure such as industrial control systems, robotics, or autonomous vehicles. This poses a significant risk of operational disruption, intellectual property theft, and potential safety incidents.

Immediate Action: The primary remediation is to apply vendor-supplied patches immediately. Organizations must update eProsima Multiple Products to the latest version as specified in the official eProsima security advisory. After patching, it is crucial to monitor for any further exploitation attempts and review historical access and authentication logs for signs of compromise.

Proactive Monitoring: Implement enhanced monitoring on network segments where DDS traffic is present. Look for unusual or unexpected connection attempts, especially from endpoints that should be decommissioned or have had their access revoked. Monitor authentication logs for successful connections originating from sources associated with revoked credentials. Anomaly-based network intrusion detection systems may help identify malicious activity.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. Enforce strict network segmentation to isolate vulnerable systems from untrusted networks. Utilize firewalls and access control lists (ACLs) to restrict DDS communication exclusively to a whitelist of known, trusted IP addresses and ports.

Public Exploit Available: false

This vulnerability represents a critical and immediate threat to the organization. Due to the perfect CVSS score of 10, it must be treated with the highest priority. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity warrants immediate action. We strongly recommend that all affected eProsima products be patched immediately. If patching is delayed, the compensating controls outlined above must be implemented without delay to mitigate the severe risk of system compromise and data exposure.