CVE-2025-67109

Critical CVSS: 10.0

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

Vendor

Eclipse

Product

Cyclone Data Distribution Service

CWE

CWE-298

Yayın Tarihi

2025-12-23 16:16:23

Güncelleme

2026-01-06 17:42:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-298 Cyclone Data Distribution Service CRITICAL Eclipse 2025

Referanslar

http://eclipse.com https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6 https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28 https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84

Benzer Kayıtlar

Critical

CVE-2026-24457

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server.…

High

CVE-2026-1605

In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed…

Low

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Different…

Critical

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_tar…

Medium

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all suppor…

High

CVE-2026-0648

The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_…