Search

Find a vulnerability

Search criteria

    56 vulnerabilities found for Connext Professional by RTI

    CVE-2026-7300 (GCVE-0-2026-7300)

    Vulnerability from nvd – Published: 2026-06-17 17:20 – Updated: 2026-06-17 18:00
    VLAI
    Title
    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.
    Summary
    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.* (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.2 , < 6.1.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:00:26.868901Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:00:33.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web Integration Service"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.*",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.2",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:03.596Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*.\u003c/p\u003e"
                }
              ],
              "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-24",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-24 Filter Failure through Buffer Overflow"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:20:19.053Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-7300"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-7300",
        "datePublished": "2026-06-17T17:20:19.053Z",
        "dateReserved": "2026-04-28T11:35:56.277Z",
        "dateUpdated": "2026-06-17T18:00:33.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3894 (GCVE-0-2026-3894)

    Vulnerability from nvd – Published: 2026-06-17 17:19 – Updated: 2026-06-17 18:01
    VLAI
    Title
    Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.
    Summary
    Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 5.0.0 , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3894",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:01:05.016536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:01:16.597Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "5.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:30.938Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:19:25.994Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-3894"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-3894",
        "datePublished": "2026-06-17T17:19:25.994Z",
        "dateReserved": "2026-03-10T17:09:23.192Z",
        "dateUpdated": "2026-06-17T18:01:16.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30799 (GCVE-0-2026-30799)

    Vulnerability from nvd – Published: 2026-06-17 17:20 – Updated: 2026-06-17 17:59
    VLAI
    Title
    Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.
    Summary
    Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.* (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T17:59:33.217064Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T17:59:38.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Security Plugins"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.*",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.*",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:41.140Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-151",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-151 Identity Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:20:36.133Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-30799"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-30799",
        "datePublished": "2026-06-17T17:20:36.133Z",
        "dateReserved": "2026-03-05T14:43:37.191Z",
        "dateUpdated": "2026-06-17T17:59:38.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2675 (GCVE-0-2026-2675)

    Vulnerability from nvd – Published: 2026-06-17 17:19 – Updated: 2026-06-17 18:02
    VLAI
    Title
    Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.
    Summary
    Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2675",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:02:42.712673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:02:48.305Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Security Plugins"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:43.715Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-194",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-194 Fake the Source of Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:19:04.338Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-2675"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-2675",
        "datePublished": "2026-06-17T17:19:04.338Z",
        "dateReserved": "2026-02-18T10:34:04.994Z",
        "dateUpdated": "2026-06-17T18:02:48.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2674 (GCVE-0-2026-2674)

    Vulnerability from nvd – Published: 2026-06-17 17:25 – Updated: 2026-06-25 15:46
    VLAI
    Title
    Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers.
    Summary
    Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2674",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T17:57:40.284382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T17:57:49.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Queueing Service",
                "Core Libraries",
                "Persistence Service"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:46.351Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T15:46:53.509Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-2674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-2674",
        "datePublished": "2026-06-17T17:25:29.727Z",
        "dateReserved": "2026-02-18T10:33:04.882Z",
        "dateUpdated": "2026-06-25T15:46:53.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2467 (GCVE-0-2026-2467)

    Vulnerability from nvd – Published: 2026-06-17 17:17 – Updated: 2026-06-17 18:03
    VLAI
    Title
    Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.
    Summary
    Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 5.0.0 , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:03:21.528088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:03:27.631Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "5.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:54.728Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-46",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-46 Overflow Variables and Tags"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:17:04.866Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-2467"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-2467",
        "datePublished": "2026-06-17T17:17:04.866Z",
        "dateReserved": "2026-02-13T14:19:43.793Z",
        "dateUpdated": "2026-06-17T18:03:27.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14543 (GCVE-0-2025-14543)

    Vulnerability from nvd – Published: 2026-04-30 15:25 – Updated: 2026-06-17 17:16
    VLAI
    Title
    Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.
    Summary
    Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.1 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 4.3x , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2026-04-23 15:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14543",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-30T15:42:00.570103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-30T15:42:40.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "4.3x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.1",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "4.3x",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-04-23T15:12:47.958Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-201",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-201 Serialized Data External Linking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:16:23.061Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-14543"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.",
          "x_generator": {
            "engine": "RTI Lubna 1.16.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-14543",
        "datePublished": "2026-04-30T15:25:10.180Z",
        "dateReserved": "2025-12-11T15:00:13.943Z",
        "dateUpdated": "2026-06-17T17:16:23.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4374 (GCVE-0-2026-4374)

    Vulnerability from nvd – Published: 2026-04-01 01:06 – Updated: 2026-06-25 15:47
    VLAI
    Title
    Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (multiple infrastructure services) allows Serialized Data External Linking, Data Serialization External Entities Blowup.
    Summary
    Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.<p>This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.</p>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.1.0 , < 7.3.1.1 (custom)
    Affected: 6.1.0 , < 6.1.2.34 (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Create a notification for this product.
    Date Public
    2026-03-25 17:31
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:23:31.865417Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:42.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Cloud Discovery Service",
                "Recording Service",
                "Routing Service",
                "Queueing Service",
                "Observability Collector"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.34",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.1",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.34",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-03-25T17:31:28.467Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.\u003c/p\u003e"
                }
              ],
              "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.\u003c/p\u003e"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-201",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-201 Serialized Data External Linking"
                }
              ]
            },
            {
              "capecId": "CAPEC-221",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-221 Data Serialization External Entities Blowup"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T15:47:55.576Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-4374"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (multiple infrastructure services) allows Serialized Data External Linking, Data Serialization External Entities Blowup.",
          "x_generator": {
            "engine": "RTI Lubna 1.16.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-4374",
        "datePublished": "2026-04-01T01:06:40.064Z",
        "dateReserved": "2026-03-18T10:48:52.263Z",
        "dateUpdated": "2026-06-25T15:47:55.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2394 (GCVE-0-2026-2394)

    Vulnerability from nvd – Published: 2026-04-01 00:52 – Updated: 2026-06-17 17:16
    VLAI
    Title
    Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.
    Summary
    Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.1 (custom)
    Affected: 6.1.0 , < 6.1.2.34 (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 4.3x , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2026-03-25 17:32
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:31:58.220725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:51.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.34",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "4.3x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.1",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.34",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "4.3x",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-03-25T17:32:00.845Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:16:48.069Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-2394"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.",
          "x_generator": {
            "engine": "RTI Lubna 1.16.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-2394",
        "datePublished": "2026-04-01T00:52:39.353Z",
        "dateReserved": "2026-02-12T10:13:55.938Z",
        "dateUpdated": "2026-06-17T17:16:48.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10450 (GCVE-0-2025-10450)

    Vulnerability from nvd – Published: 2025-12-16 16:09 – Updated: 2026-04-01 01:09
    VLAI
    Title
    Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.
    Summary
    Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.2.0 , < 7.3.1 (custom)
    Create a notification for this product.
    Date Public
    2025-12-09 15:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T16:34:29.767172Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T16:35:50.604Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-12-09T15:44:25.740Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-158",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-158 Sniffing Network Traffic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T01:09:01.609Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-10450"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.",
          "x_generator": {
            "engine": "RTI Lubna 1.15.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-10450",
        "datePublished": "2025-12-16T16:09:30.693Z",
        "dateReserved": "2025-09-14T16:19:21.418Z",
        "dateUpdated": "2026-04-01T01:09:01.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8410 (GCVE-0-2025-8410)

    Vulnerability from nvd – Published: 2025-09-23 17:52 – Updated: 2025-12-16 16:14
    VLAI
    Title
    Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.
    Summary
    Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.5.0 , < 7.6.0 (custom)
    Create a notification for this product.
    Date Public
    2025-09-16 07:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8410",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-23T18:29:15.954365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-23T18:36:51.356Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Security Plugins"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.6.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.6.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-09-16T07:52:42.037Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.5.0 before 7.6.0.\u003c/p\u003e"
                }
              ],
              "value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T16:14:58.480Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-8410"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-8410",
        "datePublished": "2025-09-23T17:52:26.769Z",
        "dateReserved": "2025-07-31T08:26:06.499Z",
        "dateUpdated": "2025-12-16T16:14:58.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4993 (GCVE-0-2025-4993)

    Vulnerability from nvd – Published: 2025-09-23 17:51 – Updated: 2026-04-01 01:08
    VLAI
    Title
    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
    Summary
    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.6.0 (custom)
    Affected: 7.0.0 , < 7.3.0.10 (custom)
    Affected: 6.1.0 , < 6.1.2.27 (custom)
    Affected: 6.0.0 , < 6.0.1.43 (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 4.4a , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2025-09-16 07:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-23T18:29:24.647721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-23T18:36:56.917Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.6.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.0.10",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.27",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.1.43",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "4.4a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.6.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.0.10",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.27",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.1.43",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "4.4a",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-09-16T07:52:54.107Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T01:08:38.728Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-4993"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-4993",
        "datePublished": "2025-09-23T17:51:51.489Z",
        "dateReserved": "2025-05-20T08:17:52.869Z",
        "dateUpdated": "2026-04-01T01:08:38.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4582 (GCVE-0-2025-4582)

    Vulnerability from nvd – Published: 2025-09-23 17:51 – Updated: 2026-04-01 01:08
    VLAI
    Title
    Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.
    Summary
    Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.6.0 (custom)
    Affected: 7.0.0 , < 7.3.0.8 (custom)
    Affected: 6.1.0 , < 6.1.2.26 (custom)
    Affected: 6.0.0 , < 6.0.1.43 (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 4.4a , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2025-09-16 07:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4582",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-23T18:29:34.412365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-23T18:37:03.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.6.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.26",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.1.43",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "4.4a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.6.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.0.8",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.26",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.1.43",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "4.4a",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-09-16T07:52:56.903Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            },
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "CWE-193 Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T01:08:19.135Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-4582"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-4582",
        "datePublished": "2025-09-23T17:51:38.223Z",
        "dateReserved": "2025-05-12T13:03:35.739Z",
        "dateUpdated": "2026-04-01T01:08:19.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1255 (GCVE-0-2025-1255)

    Vulnerability from nvd – Published: 2025-09-23 17:50 – Updated: 2025-12-16 16:14
    VLAI
    Title
    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
    Summary
    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.6.0 (custom)
    Affected: 7.2.0 , < 7.3.0.9 (custom)
    Create a notification for this product.
    Date Public
    2025-09-16 07:53
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-23T18:29:43.375708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-23T18:37:09.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.6.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.0.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.6.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.0.9",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-09-16T07:53:06.015Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.\u003c/p\u003e"
                }
              ],
              "value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T16:14:16.045Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-1255"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-1255",
        "datePublished": "2025-09-23T17:50:51.857Z",
        "dateReserved": "2025-02-12T15:31:58.591Z",
        "dateUpdated": "2025-12-16T16:14:16.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1254 (GCVE-0-2025-1254)

    Vulnerability from nvd – Published: 2025-05-08 08:32 – Updated: 2025-12-16 16:14
    VLAI
    Title
    Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.
    Summary
    Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.5.0 (custom)
    Affected: 7.0.0 , < 7.3.0.7 (custom)
    Affected: 6.1.0 , < 6.1.2.23 (custom)
    Affected: 6.0.0 , < 6.0.1.42 (custom)
    Create a notification for this product.
    Date Public
    2025-05-06 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T13:54:50.480897Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T13:55:52.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Recording Service"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.23",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.1.42",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.23",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.1.42",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-05-06T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            },
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T16:14:07.918Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-1254"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-1254",
        "datePublished": "2025-05-08T08:32:43.287Z",
        "dateReserved": "2025-02-12T15:31:57.062Z",
        "dateUpdated": "2025-12-16T16:14:07.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1253 (GCVE-0-2025-1253)

    Vulnerability from nvd – Published: 2025-05-08 08:32 – Updated: 2025-12-16 16:14
    VLAI
    Title
    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.
    Summary
    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.5.0 (custom)
    Affected: 7.0.0 , < 7.3.0.7 (custom)
    Affected: 6.1.0 , < 6.1.2.23 (custom)
    Affected: 6.0.0 , < 6.0.1.42 (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 4.5c , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2025-05-06 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T14:04:18.526938Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T14:04:37.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.23",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.1.42",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "4.5c",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.23",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.1.42",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "4.5c",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-05-06T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-46",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-46 Overflow Variables and Tags"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T16:14:01.391Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-1253"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-1253",
        "datePublished": "2025-05-08T08:32:35.311Z",
        "dateReserved": "2025-02-12T15:31:54.861Z",
        "dateUpdated": "2025-12-16T16:14:01.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2674 (GCVE-0-2026-2674)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:25 – Updated: 2026-06-25 15:46
    VLAI
    Title
    Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers.
    Summary
    Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2674",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T17:57:40.284382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T17:57:49.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Queueing Service",
                "Core Libraries",
                "Persistence Service"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:46.351Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T15:46:53.509Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-2674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-2674",
        "datePublished": "2026-06-17T17:25:29.727Z",
        "dateReserved": "2026-02-18T10:33:04.882Z",
        "dateUpdated": "2026-06-25T15:46:53.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30799 (GCVE-0-2026-30799)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:20 – Updated: 2026-06-17 17:59
    VLAI
    Title
    Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.
    Summary
    Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.* (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T17:59:33.217064Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T17:59:38.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Security Plugins"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.*",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.*",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:41.140Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-151",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-151 Identity Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:20:36.133Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-30799"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-30799",
        "datePublished": "2026-06-17T17:20:36.133Z",
        "dateReserved": "2026-03-05T14:43:37.191Z",
        "dateUpdated": "2026-06-17T17:59:38.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7300 (GCVE-0-2026-7300)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:20 – Updated: 2026-06-17 18:00
    VLAI
    Title
    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.
    Summary
    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.* (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.2 , < 6.1.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:00:26.868901Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:00:33.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web Integration Service"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.*",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.2",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:03.596Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*.\u003c/p\u003e"
                }
              ],
              "value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-24",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-24 Filter Failure through Buffer Overflow"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:20:19.053Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-7300"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-7300",
        "datePublished": "2026-06-17T17:20:19.053Z",
        "dateReserved": "2026-04-28T11:35:56.277Z",
        "dateUpdated": "2026-06-17T18:00:33.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3894 (GCVE-0-2026-3894)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:19 – Updated: 2026-06-17 18:01
    VLAI
    Title
    Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.
    Summary
    Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 5.0.0 , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3894",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:01:05.016536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:01:16.597Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "5.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:30.938Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:19:25.994Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-3894"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-3894",
        "datePublished": "2026-06-17T17:19:25.994Z",
        "dateReserved": "2026-03-10T17:09:23.192Z",
        "dateUpdated": "2026-06-17T18:01:16.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2675 (GCVE-0-2026-2675)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:19 – Updated: 2026-06-17 18:02
    VLAI
    Title
    Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.
    Summary
    Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2675",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:02:42.712673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:02:48.305Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Security Plugins"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:43.715Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-194",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-194 Fake the Source of Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:19:04.338Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-2675"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-2675",
        "datePublished": "2026-06-17T17:19:04.338Z",
        "dateReserved": "2026-02-18T10:34:04.994Z",
        "dateUpdated": "2026-06-17T18:02:48.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2467 (GCVE-0-2026-2467)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:17 – Updated: 2026-06-17 18:03
    VLAI
    Title
    Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.
    Summary
    Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.3 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 5.0.0 , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2026-06-12 16:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:03:21.528088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:03:27.631Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.3",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "5.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-12T16:21:54.728Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-46",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-46 Overflow Variables and Tags"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:17:04.866Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-2467"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.",
          "x_generator": {
            "engine": "RTI Lubna 1.17.6"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-2467",
        "datePublished": "2026-06-17T17:17:04.866Z",
        "dateReserved": "2026-02-13T14:19:43.793Z",
        "dateUpdated": "2026-06-17T18:03:27.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14543 (GCVE-0-2025-14543)

    Vulnerability from cvelistv5 – Published: 2026-04-30 15:25 – Updated: 2026-06-17 17:16
    VLAI
    Title
    Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.
    Summary
    Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.1 (custom)
    Affected: 6.1.0 , < 6.1.* (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 4.3x , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2026-04-23 15:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14543",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-30T15:42:00.570103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-30T15:42:40.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.*",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "4.3x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.1",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.*",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "4.3x",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-04-23T15:12:47.958Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-201",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-201 Serialized Data External Linking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:16:23.061Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-14543"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.",
          "x_generator": {
            "engine": "RTI Lubna 1.16.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-14543",
        "datePublished": "2026-04-30T15:25:10.180Z",
        "dateReserved": "2025-12-11T15:00:13.943Z",
        "dateUpdated": "2026-06-17T17:16:23.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4374 (GCVE-0-2026-4374)

    Vulnerability from cvelistv5 – Published: 2026-04-01 01:06 – Updated: 2026-06-25 15:47
    VLAI
    Title
    Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (multiple infrastructure services) allows Serialized Data External Linking, Data Serialization External Entities Blowup.
    Summary
    Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.<p>This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.</p>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.1.0 , < 7.3.1.1 (custom)
    Affected: 6.1.0 , < 6.1.2.34 (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Create a notification for this product.
    Date Public
    2026-03-25 17:31
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:23:31.865417Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:42.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Cloud Discovery Service",
                "Recording Service",
                "Routing Service",
                "Queueing Service",
                "Observability Collector"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.34",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.1",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.34",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-03-25T17:31:28.467Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.\u003c/p\u003e"
                }
              ],
              "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.\u003c/p\u003e"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-201",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-201 Serialized Data External Linking"
                }
              ]
            },
            {
              "capecId": "CAPEC-221",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-221 Data Serialization External Entities Blowup"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T15:47:55.576Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-4374"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (multiple infrastructure services) allows Serialized Data External Linking, Data Serialization External Entities Blowup.",
          "x_generator": {
            "engine": "RTI Lubna 1.16.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-4374",
        "datePublished": "2026-04-01T01:06:40.064Z",
        "dateReserved": "2026-03-18T10:48:52.263Z",
        "dateUpdated": "2026-06-25T15:47:55.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2394 (GCVE-0-2026-2394)

    Vulnerability from cvelistv5 – Published: 2026-04-01 00:52 – Updated: 2026-06-17 17:16
    VLAI
    Title
    Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.
    Summary
    Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.0.0 , < 7.3.1.1 (custom)
    Affected: 6.1.0 , < 6.1.2.34 (custom)
    Affected: 6.0.0 , < 6.0.* (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 4.3x , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2026-03-25 17:32
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:31:58.220725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:51.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.34",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.*",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "4.3x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1.1",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.34",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.*",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "4.3x",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-03-25T17:32:00.845Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:16:48.069Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2026-2394"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.",
          "x_generator": {
            "engine": "RTI Lubna 1.16.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2026-2394",
        "datePublished": "2026-04-01T00:52:39.353Z",
        "dateReserved": "2026-02-12T10:13:55.938Z",
        "dateUpdated": "2026-06-17T17:16:48.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10450 (GCVE-0-2025-10450)

    Vulnerability from cvelistv5 – Published: 2025-12-16 16:09 – Updated: 2026-04-01 01:09
    VLAI
    Title
    Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.
    Summary
    Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
    Affected: 7.2.0 , < 7.3.1 (custom)
    Create a notification for this product.
    Date Public
    2025-12-09 15:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T16:34:29.767172Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T16:35:50.604Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.7.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.7.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.1",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-12-09T15:44:25.740Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-158",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-158 Sniffing Network Traffic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T01:09:01.609Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-10450"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.",
          "x_generator": {
            "engine": "RTI Lubna 1.15.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-10450",
        "datePublished": "2025-12-16T16:09:30.693Z",
        "dateReserved": "2025-09-14T16:19:21.418Z",
        "dateUpdated": "2026-04-01T01:09:01.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8410 (GCVE-0-2025-8410)

    Vulnerability from cvelistv5 – Published: 2025-09-23 17:52 – Updated: 2025-12-16 16:14
    VLAI
    Title
    Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.
    Summary
    Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.5.0 , < 7.6.0 (custom)
    Create a notification for this product.
    Date Public
    2025-09-16 07:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8410",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-23T18:29:15.954365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-23T18:36:51.356Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Security Plugins"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.6.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.6.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-09-16T07:52:42.037Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.5.0 before 7.6.0.\u003c/p\u003e"
                }
              ],
              "value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T16:14:58.480Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-8410"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-8410",
        "datePublished": "2025-09-23T17:52:26.769Z",
        "dateReserved": "2025-07-31T08:26:06.499Z",
        "dateUpdated": "2025-12-16T16:14:58.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4993 (GCVE-0-2025-4993)

    Vulnerability from cvelistv5 – Published: 2025-09-23 17:51 – Updated: 2026-04-01 01:08
    VLAI
    Title
    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
    Summary
    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.6.0 (custom)
    Affected: 7.0.0 , < 7.3.0.10 (custom)
    Affected: 6.1.0 , < 6.1.2.27 (custom)
    Affected: 6.0.0 , < 6.0.1.43 (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 4.4a , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2025-09-16 07:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-23T18:29:24.647721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-23T18:36:56.917Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.6.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.0.10",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.27",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.1.43",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "4.4a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.6.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.0.10",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.27",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.1.43",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "4.4a",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-09-16T07:52:54.107Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T01:08:38.728Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-4993"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-4993",
        "datePublished": "2025-09-23T17:51:51.489Z",
        "dateReserved": "2025-05-20T08:17:52.869Z",
        "dateUpdated": "2026-04-01T01:08:38.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4582 (GCVE-0-2025-4582)

    Vulnerability from cvelistv5 – Published: 2025-09-23 17:51 – Updated: 2026-04-01 01:08
    VLAI
    Title
    Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.
    Summary
    Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.6.0 (custom)
    Affected: 7.0.0 , < 7.3.0.8 (custom)
    Affected: 6.1.0 , < 6.1.2.26 (custom)
    Affected: 6.0.0 , < 6.0.1.43 (custom)
    Affected: 5.3.0 , < 5.3.* (custom)
    Affected: 4.4a , < 5.2.* (custom)
    Create a notification for this product.
    Date Public
    2025-09-16 07:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4582",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-23T18:29:34.412365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-23T18:37:03.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.6.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2.26",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.1.43",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.3.*",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.*",
                  "status": "affected",
                  "version": "4.4a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.6.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.0.8",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.2.26",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.1.43",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.3.*",
                      "versionStartIncluding": "5.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.*",
                      "versionStartIncluding": "4.4a",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-09-16T07:52:56.903Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.\u003c/p\u003e"
                }
              ],
              "value": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            },
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Security Extensions Enabled"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "CWE-193 Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T01:08:19.135Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-4582"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-4582",
        "datePublished": "2025-09-23T17:51:38.223Z",
        "dateReserved": "2025-05-12T13:03:35.739Z",
        "dateUpdated": "2026-04-01T01:08:19.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1255 (GCVE-0-2025-1255)

    Vulnerability from cvelistv5 – Published: 2025-09-23 17:50 – Updated: 2025-12-16 16:14
    VLAI
    Title
    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.
    Summary
    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    RTI
    References
    Impacted products
    Vendor Product Version
    RTI Connext Professional Affected: 7.4.0 , < 7.6.0 (custom)
    Affected: 7.2.0 , < 7.3.0.9 (custom)
    Create a notification for this product.
    Date Public
    2025-09-16 07:53
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-23T18:29:43.375708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-23T18:37:09.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Core Libraries"
              ],
              "packageName": "connext_professional",
              "packageURL": "pkg:generic/connext_professional",
              "product": "Connext Professional",
              "vendor": "RTI",
              "versions": [
                {
                  "lessThan": "7.6.0",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.0.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.6.0",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.0.9",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negated": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-09-16T07:53:06.015Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.\u003c/p\u003e"
                }
              ],
              "value": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T16:14:16.045Z",
            "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
            "shortName": "RTI"
          },
          "references": [
            {
              "url": "https://www.rti.com/vulnerabilities/#cve-2025-1255"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.",
          "x_generator": {
            "engine": "RTI Lubna 1.14.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "assignerShortName": "RTI",
        "cveId": "CVE-2025-1255",
        "datePublished": "2025-09-23T17:50:51.857Z",
        "dateReserved": "2025-02-12T15:31:58.591Z",
        "dateUpdated": "2025-12-16T16:14:16.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }