What is the severity of CVE-2025-64438?

CVE-2025-64438 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2025-64438?

No known public exploits are currently available for CVE-2025-64438.

Is there a patch available for CVE-2025-64438?

Yes, patches are available for CVE-2025-64438. Check the vendor advisories for update instructions.

CVE-2025-64438 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap range (gapList .base - gapStart), an attacker drives StatefulReader::processGapMsg() into an unbounded loop that inserts millions of s equence numbers into WriterProxy::changes_received_ (std::set), causing multi-GB heap growth and process termination. No authentication is required beyond network reachability to the reader on the DDS domain. In environments without an RSS limit (non-ASan / unlimited), memory consumption was observed to rise to ~64 GB. Versions 3.4.1, 3.3.1, and 2.6.11 patch t he issue.

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-