RTI Connext Professional
cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*
- >= 4, <= 7.5.0
A use-after-free vulnerability has been identified in RTI Connext Professional Security Plugins, versions 7.5.0 prior to 7.6.0. This vulnerability allows for file manipulation by creating a race condition that can be exploited under certain circumstances.
Exploitation of this vulnerability could lead to a heap buffer over-read, allowing for unauthorized access to memory contents, and potentially causing a crash in the affected Connext application.
Users can mitigate this by restricting access to the file system location from which Connext applications load identity certificate files. Additionally, set the 'com.rti.serv.secure.files_poll_interval' property value to '0' and change the identity certificate by calling 'DomainParticipant::set_qos()' programmatically.
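One way to check a deployment against both mitigations above, as an added example that is not RTI's code: the script reads a Connext XML QoS profile, reports the configured 'com.rti.serv.secure.files_poll_interval' value, and checks whether the identity certificate file or its directory is group- or world-writable. It assumes the certificate is referenced through the DDS Security property `dds.sec.auth.identity_certificate` with a `file:` prefix; the sample profile and its path are constructed.

```python
import os, stat
import xml.etree.ElementTree as ET

POLL_PROP = "com.rti.serv.secure.files_poll_interval"  # named in the advisory
CERT_PROP = "dds.sec.auth.identity_certificate"        # assumed: DDS Security property

# Constructed sample profile; the certificate path is a placeholder.
SAMPLE_QOS = """<dds><qos_library name="L"><qos_profile name="P">
 <domain_participant_qos><property><value>
  <element><name>dds.sec.auth.identity_certificate</name>
           <value>file:/opt/app/certs/identity.pem</value></element>
  <element><name>com.rti.serv.secure.files_poll_interval</name>
           <value>5</value></element>
 </value></property></domain_participant_qos>
</qos_profile></qos_library></dds>"""

def read_properties(xml_text):
    """Collect name/value pairs from every <element> in the profile."""
    props = {}
    for el in ET.fromstring(xml_text).iter("element"):
        name, value = el.findtext("name"), el.findtext("value")
        if name is not None:
            props[name.strip()] = (value or "").strip()
    return props

def loosely_writable(path):
    """True if the file or its directory is group- or world-writable."""
    bits = stat.S_IWGRP | stat.S_IWOTH
    targets = (path, os.path.dirname(os.path.abspath(path)))
    return any(os.stat(t).st_mode & bits for t in targets)

def audit(xml_text):
    """Return a list of findings against the advisory's two mitigations."""
    props, findings = read_properties(xml_text), []
    poll = props.get(POLL_PROP)
    if poll is None:
        findings.append("poll interval not set explicitly")
    elif poll != "0":
        findings.append(f"poll interval is {poll}, advisory says 0")
    cert = props.get(CERT_PROP, "")
    if cert.startswith("file:"):
        path = cert[len("file:"):]
        if not os.path.exists(path):
            findings.append(f"certificate file not found: {path}")
        elif loosely_writable(path):
            findings.append(f"certificate path writable by others: {path}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_QOS):
        print(finding)
```

Run it as the account the Connext application uses, so the permission check reflects what that process actually sees.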