Description
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
Published: 2026-05-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can target the Eprosima Micro‑XRCE‑DDS Agent by sending a packet that contains an invalid Boolean value in any Boolean field. The lack of proper validation (CWE‑241) causes the agent to mishandle the field, triggering an internal exception that can lead to resource exhaustion. The result is a denial of service, preventing the agent from responding, while no data is compromised or disclosed. The description infers that the void Boolean field can be any field processed by the agent and that the packet reaches the agent across the network, implying a remote attack vector.

Affected Systems

The vulnerability is limited to Eprosima Micro‑XRCE‑DDS Agent version 3.0.1, with no other versions or products reported as affected in the available data.

Risk and Exploitability

The exploit is remote, requiring network communication to the agent. No official fix or workaround has been published, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.5 indicates a high severity. Because the EPSS score is less than 1% and no patch exists, the effective exploitation probability is low, yet the denial of service impact makes it a high‑risk issue for environments that depend on continuous DDS agent operation.

Generated by OpenCVE AI on May 3, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install any released patch for Micro‑XRCE‑DDS Agent v3.0.1
  • If a patch is not yet available, restrict network access to the DDS agent to trusted internal networks only
  • Use packet filtering or firewall rules to block malformed packets that contain invalid Boolean values
  • Monitor system logs for repeated failure or exception events that may indicate attempted exploitation

Generated by OpenCVE AI on May 3, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Eprosima
Eprosima micro-xrce-dds Agent
Vendors & Products Eprosima
Eprosima micro-xrce-dds Agent

Sun, 03 May 2026 06:15:00 +0000

Type Values Removed Values Added
Title Remote DoS via Invalid Boolean Field in Eprosima Micro‑XRCE‑DDS Agent

Sun, 03 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Sat, 02 May 2026 08:15:00 +0000

Type Values Removed Values Added
Title Remote DoS via Invalid Boolean Field in Eprosima Micro‑XRCE‑DDS Agent

Fri, 01 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-241

Fri, 01 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 01 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
References

Subscriptions

Eprosima Micro-xrce-dds Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T18:50:03.202Z

Reserved: 2025-10-27T00:00:00.000Z

Link: CVE-2025-63548

cve-icon Vulnrichment

Updated: 2026-05-01T18:24:17.911Z

cve-icon NVD

Status : Deferred

Published: 2026-05-01T18:16:13.477

Modified: 2026-05-05T19:39:58.510

Link: CVE-2025-63548

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:45:10Z

Weaknesses