RTI — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting RTI. AI-powered Chinese analysis, POCs, and references for each vulnerability.

RTI, primarily known for its Real-Time Publish-Subscribe (DDS) middleware, facilitates critical data exchange in aerospace, defense, and industrial automation sectors. With twenty-five recorded Common Vulnerabilities and Exposures, the software has historically exhibited significant security flaws, predominantly involving remote code execution and cross-site scripting. These vulnerabilities often stem from insufficient input validation and improper access controls within the communication protocols. Notably, several incidents have highlighted risks related to privilege escalation, allowing unauthorized users to gain elevated system access. The complexity of DDS implementations frequently exacerbates these issues, as misconfigurations can expose sensitive operational data to external threats. While essential for real-time systems, the middleware’s security posture requires rigorous patching and strict network segmentation to mitigate the potential for exploitation in high-stakes environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-14543 | Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking. | Connext Professional | CWE-611 | 5.3 | - | 2026-04-30 |
| CVE-2026-4374 | Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat... | Connext Professional | CWE-611 | 9.8 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-2394 | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. | Connext Professional | CWE-126 | 7.5 (AI) | High (AI) | 2026-04-01 |
| CVE-2025-10450 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic. | Connext Professional | CWE-359 | 5.3 (AI) | Medium (AI) | 2025-12-16 |
| CVE-2025-8410 | Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation. | Connext Professional | CWE-416 | 9.8 (AI) | Critical (AI) | 2025-09-23 |
| CVE-2025-4993 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. | Connext Professional | CWE-822 | 9.1 (AI) | Critical (AI) | 2025-09-23 |
| CVE-2025-4582 | Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers. | Connext Professional | CWE-126 | 8.8 (AI) | High (AI) | 2025-09-23 |
| CVE-2025-1255 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. | Connext Professional | CWE-822 | 9.1 (AI) | Critical (AI) | 2025-09-23 |
| CVE-2025-1254 | Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers. | Connext Professional | CWE-125 | 9.8 (AI) | Critical (AI) | 2025-05-08 |
| CVE-2025-1253 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. | Connext Professional | CWE-120 | 9.1 (AI) | Critical (AI) | 2025-05-08 |
| CVE-2025-1252 | Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. | Connext Professional | CWE-122 | 9.1 (AI) | Critical (AI) | 2025-05-08 |
| CVE-2024-52066 | Potential stack corruption in Routing Service when using a malicious XML configuration document | Connext Professional | CWE-120 | 9.1 | - | 2024-12-13 |
| CVE-2024-52065 | Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems | Connext Professional | CWE-120 | 8.4 | - | 2024-12-13 |
| CVE-2024-52064 | Potential stack buffer write overflow in Connext applications while parsing malicious license file | Connext Professional | CWE-120 | 9.1 | - | 2024-12-13 |
| CVE-2024-52063 | Potential stack buffer write overflow in Connext applications while parsing malicious XML types document | Connext Professional | CWE-120 | 9.8 | - | 2024-12-13 |
| CVE-2024-52062 | Potential stack buffer write overflow in Connext applications while parsing malicious XML types document | Connext Professional | CWE-120 | 9.1 | - | 2024-12-13 |
| CVE-2024-52061 | Potential stack buffer overflow when parsing an XML type | Connext Professional | CWE-120 | 9.8 | - | 2024-12-13 |
| CVE-2024-52060 | Potential stack overflow when using XML configuration file referencing environment variables | Connext Professional | CWE-120 | 9.8 | - | 2024-12-13 |
| CVE-2024-52059 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags. | Connext Professional | CWE-120 | 9.1 | - | 2024-12-13 |
| CVE-2024-52058 | Potential arbitrary command execution in System Designer while parsing malicious HTTP/REST requests | Connext Professional | CWE-78 | 8.8 | - | 2024-12-13 |
| CVE-2024-52057 | Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files | Connext Professional | CWE-89 | 9.8 | - | 2024-12-13 |
| CVE-2021-38435 | RTI Connext DDS Professional and Connext DDS Secure Incorrect Calculation of Buffer Size | Connext DDS Professional | CWE-131 | 6.6 | Medium | 2022-05-05 |
| CVE-2021-38433 | RTI Connext DDS Professional and Connext DDS Secure Stack-based Buffer Overflow | Connext DDS Professional | CWE-121 | 6.6 | Medium | 2022-05-05 |
| CVE-2021-38427 | RTI Connext DDS Professional and Connext DDS Secure Stack-based Buffer Overflow | Connext DDS Professional | CWE-121 | 6.6 | Medium | 2022-05-05 |
| CVE-2021-38487 | Potential Network Amplification and Information Exposure in RTI Connext Professional and Connext Micro | Connext Professional | CWE-406 | 8.2 | High | 2022-05-05 |

This page lists every published CVE security advisory associated with RTI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.