CVE-2025-67109 · CRITICAL 10.0 · EPSS p21.4%

Description

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.30% probability of exploitation · percentile 21.4% · 2026-06-18T12:00:27Z
Published: 2025-12-23
Last modified: 2026-01-06

Underlying weaknesses · 1

CWE-298

References

  1. http://eclipse.com
  2. https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6
  3. https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28
  4. https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84

Type: Weakness
Target: Improper Validation of Certificate Expiration (cwe-298)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-64091
  2. CVE-2025-41659
  3. CVE-2025-60957
  4. CVE-2025-60965
  5. CVE-2025-60960
  6. CVE-2025-60963

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.