Out-of-Bounds Read and Write Vulnerability in RTI Connext Professional
CVE-2025-1254

7.3HIGH

Key Information:

Vendor: Rti
Status: Connext Professional
Vendor: CVE Published:; 8 May 2025

What is CVE-2025-1254?

An out-of-bounds read and write vulnerability in RTI Connext Professional Core Libraries can potentially allow attackers to read from or write to memory locations beyond intended buffers. This issue affects multiple versions of Connext Professional, specifically from 6.0.0 to 6.1.2.22, 7.0.0 to 7.3.0.6, and 7.4.0 up to, but not including, 7.5.0. Exploitation may lead to unexpected behavior, including data corruption and system crashes, emphasizing the need for prompt patching to secure installations.

Affected Version(s)

Connext Professional 7.4.0 < 7.5.0

Connext Professional 7.0.0 < 7.3.0.7

Connext Professional 6.1.0 < 6.1.2.23

References

https://www.rti.com/vulnerabilities/#cve-2025-1254

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2025
Vulnerability Reserved
Feb 12, 2025

Rti

What is CVE-2025-1254?

Affected Version(s)

References

CVSS V4

Timeline