ГлавнаяУязвимости → CVE-2025-67109
10критическая

CVE-2025-67109

Описание

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

Затрагиваемое ПО
Eclipse Cyclone data distribution service
CVSS
Балл10 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84