Description
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
Published: 2026-05-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can target the Eprosima Micro‑XRCE‑DDS Agent by sending a packet that contains an invalid Boolean value in any Boolean field. The lack of proper validation (CWE‑241) causes the agent to mishandle the field, triggering an internal exception or resource exhaustion (CWE‑400). The result is a denial of service, preventing the agent from responding, while no data is compromised or disclosed. The description infers that the void Boolean field can be any field processed by the agent and that the packet reaches the agent across the network, implying a remote attack vector.

Affected Systems

The vulnerability is limited to Eprosima Micro‑XRCE‑DDS Agent version 3.0.1, with no other versions or products reported as affected in the available data.

Risk and Exploitability

The exploit is remote, requiring network communication to the agent. No official fix or workaround has been published, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.5 indicates a high severity. Because the EPSS score is not available and no patch exists, the effective exploitation probability is difficult to gauge, yet the denial of service impact makes it a high‑risk issue for environments that depend on continuous DDS agent operation.

Generated by OpenCVE AI on May 2, 2026 at 07:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install any released patch for Micro‑XRCE‑DDS Agent v3.0.1
  • If a patch is not yet available, restrict network access to the DDS agent to trusted internal networks only
  • Use packet filtering or firewall rules to block malformed packets that contain invalid Boolean values
  • Monitor system logs for repeated failure or exception events that may indicate attempted exploitation

Generated by OpenCVE AI on May 2, 2026 at 07:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:15:00 +0000

Type Values Removed Values Added
Title Remote DoS via Invalid Boolean Field in Eprosima Micro‑XRCE‑DDS Agent

Fri, 01 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-241

Fri, 01 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 01 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T18:50:03.202Z

Reserved: 2025-10-27T00:00:00.000Z

Link: CVE-2025-63548

cve-icon Vulnrichment

Updated: 2026-05-01T18:24:17.911Z

cve-icon NVD

Status : Received

Published: 2026-05-01T18:16:13.477

Modified: 2026-05-01T19:16:29.203

Link: CVE-2025-63548

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T08:00:14Z

Weaknesses