Search criteria
66 vulnerabilities found for connext_professional by rti
FKIE_CVE-2025-8410
Vulnerability from fkie_nvd - Published: 2025-09-23 18:15 - Updated: 2025-10-01 18:38
Severity ?
Summary
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2025-8410 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7F3E69-4C19-4844-8BCA-E130B543675F",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0."
}
],
"id": "CVE-2025-8410",
"lastModified": "2025-10-01T18:38:30.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2025-09-23T18:15:41.857",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2025-8410"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-4993
Vulnerability from fkie_nvd - Published: 2025-09-23 18:15 - Updated: 2025-10-01 18:40
Severity ?
Summary
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2025-4993 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A3477D-F1B9-4395-8E03-A32F0C4BC5BF",
"versionEndExcluding": "6.1.2.27",
"versionStartIncluding": "4.4a",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3253A40-B8E0-4D3C-B6FD-CEAEFB302DF3",
"versionEndExcluding": "7.3.0.10",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF83931-62E3-493A-A93D-8BAEF69D0CFB",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
}
],
"id": "CVE-2025-4993",
"lastModified": "2025-10-01T18:40:15.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2025-09-23T18:15:33.450",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2025-4993"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-4582
Vulnerability from fkie_nvd - Published: 2025-09-23 18:15 - Updated: 2025-12-16 17:16
Severity ?
Summary
Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2025-4582 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F5C680-815B-40CB-8DD8-51222F098D9F",
"versionEndExcluding": "6.1.2.26",
"versionStartIncluding": "4.4a",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37A9897B-B88F-454D-8A24-7A959D91DDC3",
"versionEndExcluding": "7.3.0.8",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF83931-62E3-493A-A93D-8BAEF69D0CFB",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
}
],
"id": "CVE-2025-4582",
"lastModified": "2025-12-16T17:16:08.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2025-09-23T18:15:32.877",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2025-4582"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
},
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1255
Vulnerability from fkie_nvd - Published: 2025-09-23 18:15 - Updated: 2025-10-02 13:44
Severity ?
Summary
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2025-1255 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E61E93B-6C1E-491C-B22D-B9FBC7673EF0",
"versionEndExcluding": "7.3.0.9",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF83931-62E3-493A-A93D-8BAEF69D0CFB",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9."
}
],
"id": "CVE-2025-1255",
"lastModified": "2025-10-02T13:44:49.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2025-09-23T18:15:31.460",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1255"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1254
Vulnerability from fkie_nvd - Published: 2025-05-08 09:15 - Updated: 2025-07-31 14:15
Severity ?
Summary
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2025-1254 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8369CEAE-4767-4910-AD55-3C6E8898EE5F",
"versionEndIncluding": "6.0.1.40",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5443F3D3-2C63-457F-8A4D-989ED1BB6BE6",
"versionEndExcluding": "6.1.2.23",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D145C4-5A81-4C9C-B722-A2A72B55E931",
"versionEndExcluding": "7.3.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A042A71-7A6A-41BB-A5B2-C07C5206D2E3",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42."
},
{
"lang": "es",
"value": "La vulnerabilidad de lectura fuera de los l\u00edmites y escritura fuera de los l\u00edmites en RTI Connext Professional (Core Libraries) permite b\u00faferes de sobrelectura y b\u00faferes de desbordamiento. Este problema afecta a Connext Professional: desde la versi\u00f3n 7.4.0 hasta la 7.5.0, desde la versi\u00f3n 7.0.0 hasta la 7.3.0.7 y desde la versi\u00f3n 6.0.0 hasta la 6.1.2.23."
}
],
"id": "CVE-2025-1254",
"lastModified": "2025-07-31T14:15:33.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2025-05-08T09:15:19.510",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1254"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-1253
Vulnerability from fkie_nvd - Published: 2025-05-08 09:15 - Updated: 2025-07-31 15:15
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2025-1253 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00286E4D-EA01-4EAF-B38B-8631585D062B",
"versionEndIncluding": "5.2.3",
"versionStartIncluding": "4.5c",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1FE0A-A2E0-45AA-9ED2-CED9BDA02047",
"versionEndIncluding": "5.3.1.45",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8369CEAE-4767-4910-AD55-3C6E8898EE5F",
"versionEndIncluding": "6.0.1.40",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5443F3D3-2C63-457F-8A4D-989ED1BB6BE6",
"versionEndExcluding": "6.1.2.23",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D145C4-5A81-4C9C-B722-A2A72B55E931",
"versionEndExcluding": "7.3.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A042A71-7A6A-41BB-A5B2-C07C5206D2E3",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*."
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (Core Libraries) permite variables y etiquetas de desbordamiento. Este problema afecta a Connext Professional: desde 7.4.0 hasta 7.5.0, desde 7.0.0 hasta 7.3.0.7, desde 4.5 hasta 6.1.2.23."
}
],
"id": "CVE-2025-1253",
"lastModified": "2025-07-31T15:15:35.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2025-05-08T09:15:19.233",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1253"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-1252
Vulnerability from fkie_nvd - Published: 2025-05-08 09:15 - Updated: 2025-07-31 15:15
Severity ?
Summary
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2025-1252 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FDF47D-6974-4943-8C73-E256082FA2C0",
"versionEndIncluding": "5.2.3",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1FE0A-A2E0-45AA-9ED2-CED9BDA02047",
"versionEndIncluding": "5.3.1.45",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8369CEAE-4767-4910-AD55-3C6E8898EE5F",
"versionEndIncluding": "6.0.1.40",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5443F3D3-2C63-457F-8A4D-989ED1BB6BE6",
"versionEndExcluding": "6.1.2.23",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D145C4-5A81-4C9C-B722-A2A72B55E931",
"versionEndExcluding": "7.3.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A042A71-7A6A-41BB-A5B2-C07C5206D2E3",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento de b\u00fafer basado en mont\u00f3n en RTI Connext Professional (Core Libraries) permite variables y etiquetas de desbordamiento. Este problema afecta a Connext Professional: desde 7.4.0 hasta 7.5.0, desde 7.0.0 hasta 7.3.0.7, desde 4.4 hasta 6.1.2.23."
}
],
"id": "CVE-2025-1252",
"lastModified": "2025-07-31T15:15:35.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2025-05-08T09:15:18.000",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1252"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52066
Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:47
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2024-52066 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FE0AD3-A12C-4A7F-BE66-725B7B941176",
"versionEndExcluding": "6.0.1.40",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4325-F208-482A-B0FF-56FD3DEFB35A",
"versionEndExcluding": "6.1.2.21",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73826C13-CDA4-453A-AE9A-B94AF1A9F63E",
"versionEndExcluding": "7.3.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A042A71-7A6A-41BB-A5B2-C07C5206D2E3",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40."
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (servicio de enrutamiento) permite desbordamiento de variables y etiquetas. Este problema afecta a Connext Professional: desde 7.4.0 antes de 7.5.0, desde 7.0.0 antes de 7.3.0.5, desde 6.1.0 antes de 6.1.2.21, desde 6.0.0 antes de 6.0.1.40."
}
],
"id": "CVE-2024-52066",
"lastModified": "2025-10-02T13:47:46.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2024-12-13T11:15:09.330",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52066"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52065
Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:50
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2024-52065 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | 5.3.1.40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65F0020-14AC-4966-AAF2-97A73FF72FF4",
"versionEndExcluding": "6.1.2.21",
"versionStartIncluding": "6.1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ED9A74-6AA2-45B2-8473-9B7FF2882C55",
"versionEndExcluding": "7.3.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:5.3.1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9C73C9B5-FE5C-483E-8FD2-A18E6A318CC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41."
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional en sistemas que no son Windows (servicio de persistencia) permite un desbordamiento de b\u00fafer a trav\u00e9s de variables de entorno. Este problema afecta a Connext Professional: desde la versi\u00f3n 7.0.0 hasta la 7.3.0.2, desde la versi\u00f3n 6.1.1.2 hasta la 6.1.2.21, desde la versi\u00f3n 5.3.1.40 hasta la 5.3.1.41."
}
],
"id": "CVE-2024-52065",
"lastModified": "2025-10-02T13:50:46.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2024-12-13T11:15:09.153",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52065"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52064
Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:52
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2024-52064 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83E9E9E6-FF24-4AE1-AD6E-D2C0256D4C26",
"versionEndExcluding": "5.3.1.45",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FE0AD3-A12C-4A7F-BE66-725B7B941176",
"versionEndExcluding": "6.0.1.40",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4325-F208-482A-B0FF-56FD3DEFB35A",
"versionEndExcluding": "6.1.2.21",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ED9A74-6AA2-45B2-8473-9B7FF2882C55",
"versionEndExcluding": "7.3.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (Core Libraries) permite desbordamiento de variables y etiquetas. Este problema afecta a Connext Professional: desde 7.0.0 antes de 7.3.0.2, desde 6.1.0 antes de 6.1.2.21, desde 6.0.0 antes de 6.0.1.40, desde 5.0.0 antes de 5.3.1.45."
}
],
"id": "CVE-2024-52064",
"lastModified": "2025-10-02T13:52:34.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2024-12-13T11:15:08.963",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52064"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52060
Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:36
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2024-52060 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77547706-1451-412D-A99A-3D01A7E1DB9E",
"versionEndExcluding": "5.3.1.45",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FE0AD3-A12C-4A7F-BE66-725B7B941176",
"versionEndExcluding": "6.0.1.40",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4325-F208-482A-B0FF-56FD3DEFB35A",
"versionEndExcluding": "6.1.2.21",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73826C13-CDA4-453A-AE9A-B94AF1A9F63E",
"versionEndExcluding": "7.3.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45."
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (servicio de enrutamiento, servicio de grabaci\u00f3n, servicio de cola, servicio de recopilaci\u00f3n de observabilidad, servicio de descubrimiento en la nube) permite un desbordamiento de b\u00fafer a trav\u00e9s de variables de entorno. Este problema afecta a Connext Professional: desde 7.0.0 antes de 7.3.0.5, desde 6.1.0 antes de 6.1.2.21, desde 6.0.0 antes de 6.0.*, desde 5.3.0 antes de 5.3.1.45."
}
],
"id": "CVE-2024-52060",
"lastModified": "2025-10-02T13:36:45.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2024-12-13T11:15:08.250",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52060"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-52063
Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:41
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2024-52063 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83E9E9E6-FF24-4AE1-AD6E-D2C0256D4C26",
"versionEndExcluding": "5.3.1.45",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FE0AD3-A12C-4A7F-BE66-725B7B941176",
"versionEndExcluding": "6.0.1.40",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4325-F208-482A-B0FF-56FD3DEFB35A",
"versionEndExcluding": "6.1.2.21",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73826C13-CDA4-453A-AE9A-B94AF1A9F63E",
"versionEndExcluding": "7.3.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (librer\u00edas principales, servicio de enrutamiento) permite variables y etiquetas de desbordamiento. Este problema afecta a Connext Professional: desde la versi\u00f3n 7.0.0 hasta la 7.3.0.5, desde la versi\u00f3n 6.1.0 hasta la 6.1.2.21, desde la versi\u00f3n 6.0.0 hasta la 6.0.1.40, desde la versi\u00f3n 5.0.0 hasta la 5.3.1.45."
}
],
"id": "CVE-2024-52063",
"lastModified": "2025-10-02T13:41:19.057",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2024-12-13T11:15:08.810",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52063"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52062
Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:40
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2024-52062 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83E9E9E6-FF24-4AE1-AD6E-D2C0256D4C26",
"versionEndExcluding": "5.3.1.45",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FE0AD3-A12C-4A7F-BE66-725B7B941176",
"versionEndExcluding": "6.0.1.40",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4325-F208-482A-B0FF-56FD3DEFB35A",
"versionEndExcluding": "6.1.2.21",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73826C13-CDA4-453A-AE9A-B94AF1A9F63E",
"versionEndExcluding": "7.3.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (Core Libraries) permite desbordamiento de variables y etiquetas. Este problema afecta a Connext Professional: desde 7.0.0 antes de 7.3.0.5, desde 6.1.0 antes de 6.1.2.21, desde 6.0.0 antes de 6.0.1.40, desde 5.0.0 antes de 5.3.1.45."
}
],
"id": "CVE-2024-52062",
"lastModified": "2025-10-02T13:40:24.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2024-12-13T11:15:08.650",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52062"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52061
Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:38
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2024-52061 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4662FA7C-56A5-4491-A359-DF62550A9231",
"versionEndExcluding": "5.3.1.45",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FE0AD3-A12C-4A7F-BE66-725B7B941176",
"versionEndExcluding": "6.0.1.40",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4325-F208-482A-B0FF-56FD3DEFB35A",
"versionEndExcluding": "6.1.2.21",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73826C13-CDA4-453A-AE9A-B94AF1A9F63E",
"versionEndExcluding": "7.3.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A042A71-7A6A-41BB-A5B2-C07C5206D2E3",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45."
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (librer\u00edas principales, servicio de cola, servicio de grabaci\u00f3n, servicio de enrutamiento) permite desbordamiento de variables y etiquetas. Este problema afecta a Connext Professional: desde la versi\u00f3n 7.4.0 hasta la 7.5.0, desde la versi\u00f3n 7.0.0 hasta la 7.3.0.5, desde la versi\u00f3n 6.1.0 hasta la 6.1.2.21, desde la versi\u00f3n 6.0.0 hasta la 6.0.1.40, desde la versi\u00f3n 5.0.0 hasta la 5.3.1.45."
}
],
"id": "CVE-2024-52061",
"lastModified": "2025-10-02T13:38:37.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2024-12-13T11:15:08.457",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52061"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52059
Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:36
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2024-52059 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EEFF488-4764-4AF6-A7BD-5B3BDDE2CDFF",
"versionEndExcluding": "6.1.2.17",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ED9A74-6AA2-45B2-8473-9B7FF2882C55",
"versionEndExcluding": "7.3.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17."
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027Desbordamiento de b\u00fafer cl\u00e1sico\u0027) en RTI Connext Professional (complementos de seguridad) permite desbordamiento de variables y etiquetas. Este problema afecta a Connext Professional: desde 7.0.0 antes de 7.3.0.2, desde 6.1.0 antes de 6.1.2.17."
}
],
"id": "CVE-2024-52059",
"lastModified": "2025-10-02T13:36:04.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2024-12-13T11:15:08.080",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52059"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-52058
Vulnerability from fkie_nvd - Published: 2024-12-13 11:15 - Updated: 2025-10-02 13:35
Severity ?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19.
References
| URL | Tags | ||
|---|---|---|---|
| 3f572a00-62e2-4423-959a-7ea25eff1638 | https://www.rti.com/vulnerabilities/#cve-2024-52058 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rti | connext_professional | * | |
| rti | connext_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0BE4F65-1712-4792-9127-1AE35CFC34FE",
"versionEndExcluding": "6.1.2.19",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ED9A74-6AA2-45B2-8473-9B7FF2882C55",
"versionEndExcluding": "7.3.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo (\u0027Inyecci\u00f3n de comando del sistema operativo\u0027) en RTI Connext Professional (System Designer) permite la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a Connext Professional: desde 7.0.0 antes de 7.3.0.2, desde 6.1.0 antes de 6.1.2.19."
}
],
"id": "CVE-2024-52058",
"lastModified": "2025-10-02T13:35:17.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
},
"published": "2024-12-13T11:15:07.900",
"references": [
{
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rti.com/vulnerabilities/#cve-2024-52058"
}
],
"sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "3f572a00-62e2-4423-959a-7ea25eff1638",
"type": "Secondary"
}
]
}
CVE-2025-4582 (GCVE-0-2025-4582)
Vulnerability from nvd – Published: 2025-09-23 17:51 – Updated: 2025-12-16 16:14
VLAI?
Title
Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.
Summary
Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.6.0
(custom)
Affected: 7.0.0 , < 7.3.0.8 (custom) Affected: 6.1.0 , < 6.1.2.26 (custom) Affected: 6.0.0 , < 6.0.* (custom) Affected: 5.3.0 , < 5.3.* (custom) Affected: 4.4a , < 5.2.* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T18:29:34.412365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:37:03.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.6.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.26",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.*",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.*",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThan": "5.2.*",
"status": "affected",
"version": "4.4a",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.8",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.26",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.*",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.*",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.*",
"versionStartIncluding": "4.4a",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:52:56.903Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.\u003c/p\u003e"
}
],
"value": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
},
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:34.148Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-4582"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-4582",
"datePublished": "2025-09-23T17:51:38.223Z",
"dateReserved": "2025-05-12T13:03:35.739Z",
"dateUpdated": "2025-12-16T16:14:34.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8410 (GCVE-0-2025-8410)
Vulnerability from nvd – Published: 2025-09-23 17:52 – Updated: 2025-12-16 16:14
VLAI?
Title
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.
Summary
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.5.0 , < 7.6.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T18:29:15.954365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:36:51.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Security Plugins"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.6.0",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:52:42.037Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.5.0 before 7.6.0.\u003c/p\u003e"
}
],
"value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:58.480Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-8410"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-8410",
"datePublished": "2025-09-23T17:52:26.769Z",
"dateReserved": "2025-07-31T08:26:06.499Z",
"dateUpdated": "2025-12-16T16:14:58.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4993 (GCVE-0-2025-4993)
Vulnerability from nvd – Published: 2025-09-23 17:51 – Updated: 2025-12-16 16:14
VLAI?
Title
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
Summary
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
Severity ?
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.6.0
(custom)
Affected: 7.0.0 , < 7.3.0.10 (custom) Affected: 6.1.0 , < 6.1.2.27 (custom) Affected: 6.0.0 , < 6.0.* (custom) Affected: 5.3.0 , < 5.3.* (custom) Affected: 4.4a , < 5.2.* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T18:29:24.647721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:36:56.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.6.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.27",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.*",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.*",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThan": "5.2.*",
"status": "affected",
"version": "4.4a",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.10",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.27",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.*",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.*",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.*",
"versionStartIncluding": "4.4a",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:52:54.107Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.\u003c/p\u003e"
}
],
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:46.826Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-4993"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-4993",
"datePublished": "2025-09-23T17:51:51.489Z",
"dateReserved": "2025-05-20T08:17:52.869Z",
"dateUpdated": "2025-12-16T16:14:46.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1255 (GCVE-0-2025-1255)
Vulnerability from nvd – Published: 2025-09-23 17:50 – Updated: 2025-12-16 16:14
VLAI?
Title
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
Summary
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.
Severity ?
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.6.0
(custom)
Affected: 7.2.0 , < 7.3.0.9 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T18:29:43.375708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:37:09.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.6.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.9",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.9",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:53:06.015Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.\u003c/p\u003e"
}
],
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:16.045Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1255"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-1255",
"datePublished": "2025-09-23T17:50:51.857Z",
"dateReserved": "2025-02-12T15:31:58.591Z",
"dateUpdated": "2025-12-16T16:14:16.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1254 (GCVE-0-2025-1254)
Vulnerability from nvd – Published: 2025-05-08 08:32 – Updated: 2025-12-16 16:14
VLAI?
Title
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.
Summary
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.5.0
(custom)
Affected: 7.0.0 , < 7.3.0.7 (custom) Affected: 6.1.0 , < 6.1.2.23 (custom) Affected: 6.0.0 , < 6.0.1.42 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T13:54:50.480897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T13:55:52.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Recording Service"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.5.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.23",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.42",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.23",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.1.42",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-05-06T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
},
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:07.918Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1254"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-1254",
"datePublished": "2025-05-08T08:32:43.287Z",
"dateReserved": "2025-02-12T15:31:57.062Z",
"dateUpdated": "2025-12-16T16:14:07.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1253 (GCVE-0-2025-1253)
Vulnerability from nvd – Published: 2025-05-08 08:32 – Updated: 2025-12-16 16:14
VLAI?
Title
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.5.0
(custom)
Affected: 7.0.0 , < 7.3.0.7 (custom) Affected: 6.1.0 , < 6.1.2.23 (custom) Affected: 6.0.0 , < 6.0.1.42 (custom) Affected: 5.3.0 , < 5.3.* (custom) Affected: 4.5c , < 5.2.* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T14:04:18.526938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T14:04:37.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.5.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.23",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.42",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.*",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThan": "5.2.*",
"status": "affected",
"version": "4.5c",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.23",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.1.42",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.*",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.*",
"versionStartIncluding": "4.5c",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-05-06T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:01.391Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1253"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-1253",
"datePublished": "2025-05-08T08:32:35.311Z",
"dateReserved": "2025-02-12T15:31:54.861Z",
"dateUpdated": "2025-12-16T16:14:01.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1252 (GCVE-0-2025-1252)
Vulnerability from nvd – Published: 2025-05-08 08:31 – Updated: 2025-12-16 16:13
VLAI?
Title
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.
Summary
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.5.0
(custom)
Affected: 7.0.0 , < 7.3.0.7 (custom) Affected: 6.1.0 , < 6.1.2.23 (custom) Affected: 6.0.0 , < 6.0.1.42 (custom) Affected: 5.3.0 , < 5.3.* (custom) Affected: 4.4d , < 5.2.* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T14:05:57.235012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T14:06:13.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.5.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.23",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.42",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.*",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThan": "5.2.*",
"status": "affected",
"version": "4.4d",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.23",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.1.42",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.*",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.*",
"versionStartIncluding": "4.4d",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-05-06T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*.\u003c/p\u003e"
}
],
"value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:13:26.347Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1252"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-1252",
"datePublished": "2025-05-08T08:31:14.144Z",
"dateReserved": "2025-02-12T15:31:51.731Z",
"dateUpdated": "2025-12-16T16:13:26.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8410 (GCVE-0-2025-8410)
Vulnerability from cvelistv5 – Published: 2025-09-23 17:52 – Updated: 2025-12-16 16:14
VLAI?
Title
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.
Summary
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.5.0 , < 7.6.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T18:29:15.954365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:36:51.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Security Plugins"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.6.0",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:52:42.037Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.5.0 before 7.6.0.\u003c/p\u003e"
}
],
"value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:58.480Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-8410"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-8410",
"datePublished": "2025-09-23T17:52:26.769Z",
"dateReserved": "2025-07-31T08:26:06.499Z",
"dateUpdated": "2025-12-16T16:14:58.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4993 (GCVE-0-2025-4993)
Vulnerability from cvelistv5 – Published: 2025-09-23 17:51 – Updated: 2025-12-16 16:14
VLAI?
Title
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
Summary
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
Severity ?
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.6.0
(custom)
Affected: 7.0.0 , < 7.3.0.10 (custom) Affected: 6.1.0 , < 6.1.2.27 (custom) Affected: 6.0.0 , < 6.0.* (custom) Affected: 5.3.0 , < 5.3.* (custom) Affected: 4.4a , < 5.2.* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T18:29:24.647721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:36:56.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.6.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.27",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.*",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.*",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThan": "5.2.*",
"status": "affected",
"version": "4.4a",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.10",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.27",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.*",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.*",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.*",
"versionStartIncluding": "4.4a",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:52:54.107Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.\u003c/p\u003e"
}
],
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:46.826Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-4993"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-4993",
"datePublished": "2025-09-23T17:51:51.489Z",
"dateReserved": "2025-05-20T08:17:52.869Z",
"dateUpdated": "2025-12-16T16:14:46.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4582 (GCVE-0-2025-4582)
Vulnerability from cvelistv5 – Published: 2025-09-23 17:51 – Updated: 2025-12-16 16:14
VLAI?
Title
Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.
Summary
Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.6.0
(custom)
Affected: 7.0.0 , < 7.3.0.8 (custom) Affected: 6.1.0 , < 6.1.2.26 (custom) Affected: 6.0.0 , < 6.0.* (custom) Affected: 5.3.0 , < 5.3.* (custom) Affected: 4.4a , < 5.2.* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T18:29:34.412365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:37:03.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.6.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.26",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.*",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.*",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThan": "5.2.*",
"status": "affected",
"version": "4.4a",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.8",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.26",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.*",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.*",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.*",
"versionStartIncluding": "4.4a",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:52:56.903Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.\u003c/p\u003e"
}
],
"value": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
},
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:34.148Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-4582"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-4582",
"datePublished": "2025-09-23T17:51:38.223Z",
"dateReserved": "2025-05-12T13:03:35.739Z",
"dateUpdated": "2025-12-16T16:14:34.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1255 (GCVE-0-2025-1255)
Vulnerability from cvelistv5 – Published: 2025-09-23 17:50 – Updated: 2025-12-16 16:14
VLAI?
Title
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
Summary
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.
Severity ?
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.6.0
(custom)
Affected: 7.2.0 , < 7.3.0.9 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T18:29:43.375708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:37:09.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.6.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.9",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.9",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:53:06.015Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.\u003c/p\u003e"
}
],
"value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:16.045Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1255"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-1255",
"datePublished": "2025-09-23T17:50:51.857Z",
"dateReserved": "2025-02-12T15:31:58.591Z",
"dateUpdated": "2025-12-16T16:14:16.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1254 (GCVE-0-2025-1254)
Vulnerability from cvelistv5 – Published: 2025-05-08 08:32 – Updated: 2025-12-16 16:14
VLAI?
Title
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.
Summary
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.5.0
(custom)
Affected: 7.0.0 , < 7.3.0.7 (custom) Affected: 6.1.0 , < 6.1.2.23 (custom) Affected: 6.0.0 , < 6.0.1.42 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T13:54:50.480897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T13:55:52.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Recording Service"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.5.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.23",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.42",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.23",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.1.42",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-05-06T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
},
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:07.918Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1254"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-1254",
"datePublished": "2025-05-08T08:32:43.287Z",
"dateReserved": "2025-02-12T15:31:57.062Z",
"dateUpdated": "2025-12-16T16:14:07.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1253 (GCVE-0-2025-1253)
Vulnerability from cvelistv5 – Published: 2025-05-08 08:32 – Updated: 2025-12-16 16:14
VLAI?
Title
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.5.0
(custom)
Affected: 7.0.0 , < 7.3.0.7 (custom) Affected: 6.1.0 , < 6.1.2.23 (custom) Affected: 6.0.0 , < 6.0.1.42 (custom) Affected: 5.3.0 , < 5.3.* (custom) Affected: 4.5c , < 5.2.* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T14:04:18.526938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T14:04:37.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.5.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.23",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.42",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.*",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThan": "5.2.*",
"status": "affected",
"version": "4.5c",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.23",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.1.42",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.*",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.*",
"versionStartIncluding": "4.5c",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-05-06T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:01.391Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1253"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-1253",
"datePublished": "2025-05-08T08:32:35.311Z",
"dateReserved": "2025-02-12T15:31:54.861Z",
"dateUpdated": "2025-12-16T16:14:01.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1252 (GCVE-0-2025-1252)
Vulnerability from cvelistv5 – Published: 2025-05-08 08:31 – Updated: 2025-12-16 16:13
VLAI?
Title
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.
Summary
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.4.0 , < 7.5.0
(custom)
Affected: 7.0.0 , < 7.3.0.7 (custom) Affected: 6.1.0 , < 6.1.2.23 (custom) Affected: 6.0.0 , < 6.0.1.42 (custom) Affected: 5.3.0 , < 5.3.* (custom) Affected: 4.4d , < 5.2.* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T14:05:57.235012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T14:06:13.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Core Libraries"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.5.0",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.3.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.2.23",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.1.42",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.*",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThan": "5.2.*",
"status": "affected",
"version": "4.4d",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.0",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2.23",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.1.42",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.*",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.*",
"versionStartIncluding": "4.4d",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-05-06T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*.\u003c/p\u003e"
}
],
"value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*."
}
],
"impacts": [
{
"capecId": "CAPEC-46",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-46 Overflow Variables and Tags"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:13:26.347Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-1252"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-1252",
"datePublished": "2025-05-08T08:31:14.144Z",
"dateReserved": "2025-02-12T15:31:51.731Z",
"dateUpdated": "2025-12-16T16:13:26.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}