Improper Validation of Certificate Expiration

CVE-2025-67109

High

10/10

Summary

Improper verification of the time certificate in Eclipse Cyclone DDS allows attackers to bypass certificate checks and execute commands with System privileges.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-298 - Improper Validation of Certificate Expiration

A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.

References

Advisory
Disclosure
POC/Exploit

Advisory Timeline

Published Dec 23, 2025

Improper Validation of Certificate Expiration

CVE-2025-67109

Summary

CWE-298 - Improper Validation of Certificate Expiration

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS