{"id":"CVE-2025-67109","details":"Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.","modified":"2026-04-10T05:35:43.191208Z","published":"2025-12-23T16:16:23.057Z","references":[{"type":"WEB","url":"http://eclipse.com"},{"type":"WEB","url":"https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/ddsrt/src/time/posix/time.c#L28"},{"type":"WEB","url":"https://github.com/eclipse-cyclonedds/cyclonedds/blob/master/src/security/builtin_plugins/authentication/src/auth_utils.c#L84"},{"type":"ADVISORY","url":"https://gist.github.com/lkloliver/669e15bc7e6194133e4ee1026ce157e6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-cyclonedds/cyclonedds","events":[{"introduced":"0"},{"fixed":"2cdd114cbd18340c606573b4cc8dc20cc161ec5a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.10.5"}]}}],"versions":["0.10.1","0.10.2","0.10.2rc1","0.10.3","0.10.4","0.5.1","0.6.0","0.6.0rc1","0.7.0","0.7.0rc1","0.8.0beta2","0.8.0rc1","0.8.0rc2","0.9.0a1","V0.1.0","V0.5.0","V0.5.0rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67109.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}