CNNVD-202512-4136 Information
CNNVD ID
CNNVD-202512-4136
Related CVE
- CNNVD Published: 2025-12-23
Description (Chinese)
Eclipse Cyclone DDS是Eclipse基金会的一个非常高性能和健壮的开源 DDS 实现。 Eclipse Cyclone DDS 0.10.5之前版本存在安全漏洞,该漏洞源于时间证书验证不当,可能导致权限提升。
Description (English)
Eclipse Cyclone DDS is a very high performance and robust open source of DDS for the Eclipse Foundation. There is a security loophole in the pre-Eclipse Cyclone DDS 0.10.5 version, which stems from the improper certification of time certificates, which may lead to an increase in privileges.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
Eclipse
Published
2025-12-23
Last Modified
2026-02-24
References
http://eclipse.com https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6 https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28 https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84 https://access.redhat.com/security/cve/cve-2025-67109
Patch
https://github.com/eclipse-cyclonedds/cyclonedds/releases
Share on: