SB20250211175 - Improper Certificate Validation in Fast DDS




Published: February 11, 2025
Updated: April 9, 2026

Security Bulletin ID: SB20250211175
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Information disclosure

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Certificate Validation (CVE-ID: CVE-2025-24807)

The vulnerability allows a local user to have governance or permissions data accepted even though it is signed by an expired permissions certificate authority.

The vulnerability exists due to improper certificate validation in the access control plugin when it validates S/MIME-signed governance or permissions data. A local user can supply data signed by an expired permissions certificate authority, and the plugin accepts the governance or permissions it contains.

The permissions certificate authority chain is not fully validated, and the issue also affects deployments where the permissions certificate authority is not self-signed and includes the full certificate chain.
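
An added example, not part of the original bulletin and not Fast DDS or vendor code: because the affected plugin does not fully validate the permissions certificate authority chain, an operator can audit the chain out of band by checking every certificate in the bundle for expiry with `openssl x509 -checkend`. The bundle layout (concatenated PEM certificates) and the function names `split_bundle` and `check_chain_expiry` are assumptions.

```shell
#!/bin/sh
# Audit a permissions CA bundle: every certificate in the chain must be
# inside its validity period, not only the one that signed the document.
# Function names and the bundle layout are assumptions for this example.

# split_bundle BUNDLE OUTDIR: write each PEM certificate to OUTDIR/cert-N.pem
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# check_chain_expiry BUNDLE [SECONDS]
# Returns 0 only if every certificate in BUNDLE is still valid SECONDS from
# now (default 0, meaning right now), 1 if any certificate has expired or
# will expire inside that window, 2 if the bundle holds no certificate.
check_chain_expiry() {
    bundle=$1; window=${2:-0}; status=0
    tmp=$(mktemp -d) || return 2
    split_bundle "$bundle" "$tmp"
    set -- "$tmp"/cert-*.pem
    if [ ! -e "$1" ]; then
        echo "no certificates found in $bundle" >&2
        rm -rf "$tmp"
        return 2
    fi
    for cert in "$@"; do
        subject=$(openssl x509 -in "$cert" -noout -subject)
        end=$(openssl x509 -in "$cert" -noout -enddate)
        # -checkend exits non-zero when the certificate expires within the window
        if openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null; then
            echo "OK      $subject ($end)"
        else
            echo "EXPIRED $subject ($end)"
            status=1
        fi
    done
    rm -rf "$tmp"
    return $status
}
```

Calling `check_chain_expiry bundle.pem 2592000` also flags certificates that expire within the next 30 days.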


Remediation

Install the update from the vendor's website.