How severe is CVE-2025-67109?

CVE-2025-67109 has a CVSS v3 score of 10 (CRITICAL).

CVE-2025-67109

Name: cyclone_data_distribution_service
Author: eclipse

10.0CRITICAL

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

게시됨: 12/23/2025업데이트됨: 1/6/2026

설명

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

AI 분석AI 기반

영향받는 제품

eclipsecyclone_data_distribution_service

참조

http://eclipse.com
Product
https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6
Third Party Advisory
https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28
Product
https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84
Product