How severe is CVE-2025-67109?

CVE-2025-67109 has a CVSS v3 score of 10 (CRITICAL).

CVE-2025-67109

Name: cyclone_data_distribution_service
Author: eclipse

10.0CRITICAL

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

Published: 12/23/2025Updated: 1/6/2026

Description

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

AI AnalysisPowered by AI

Affected Products

eclipsecyclone_data_distribution_service

References

http://eclipse.com
Product
https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6
Third Party Advisory
https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28
Product
https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84
Product