Description
An issue in Eprosima Micro-XRCE-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field.
Published: 2026-05-01
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can send a malicious packet that modifies the MTU length field, causing the Eprosima Micro‑XRCE‑DDS Agent to drop packets or enter an error state. This results in a denial of service that affects only the targeted agent instance. The weakness is a failure to validate input length fields, allowing crafted data to disrupt normal operation. Based on the description, it is inferred that the attack vector is over the network via a crafted packet.

Affected Systems

Eprosima Micro‑XRCE‑DDS Agent version 3.0.1 is affected. No other vendors or products are listed, and the vulnerability is specific to this release.

Risk and Exploitability

The vulnerability is remote, as a crafted packet can be sent over the network to the agent. The CVSS score is 7.5, no EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating that there are no known public exploits yet. Nonetheless, in an environment where the agent is exposed to untrusted networks, a local or remote denial of service could interrupt operations or render a critical messaging endpoint unavailable.

Generated by OpenCVE AI on May 2, 2026 at 07:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of Eprosima Micro‑XRCE‑DDS Agent once a patch is released.
  • Restrict inbound traffic to the agent by applying firewall rules or placing the agent in an isolated network segment.
  • Monitor the agent logs for unusual MTU values or packet loss patterns and alert on repeated attempts to craft malformed packets.

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:15:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Title | | Denial of Service via Crafted MTU Length in Eprosima Micro-XRCE‑DDS Agent v3.0.1 |

Fri, 01 May 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Weaknesses | | CWE-805 |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Fri, 01 May 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Description | | An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T18:51:18.913Z

Reserved: 2025-10-27T00:00:00.000Z

Link: CVE-2025-63547

Vulnrichment

Updated: 2026-05-01T18:29:02.391Z

NVD

Status: Received

Published: 2026-05-01T18:16:13.310

Modified: 2026-05-01T19:16:29.050

Link: CVE-2025-63547

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:00:14Z

Weaknesses