rti 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、vendor risk memory corruption, and vendor risk xxe に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-14543 | Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.8 | 0.04% | 2026-04-30 | 2026-05-04 |
| CVE-2026-4374 | Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat... | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.8 | 0.04% | 2026-04-01 | 2026-04-21 |
| CVE-2026-2394 | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.3 | 0.03% | 2026-04-01 | 2026-04-14 |
| CVE-2025-10450 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.03% | 2025-12-16 | 2026-04-01 |
| CVE-2025-8410 | Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 5.8 | 0.05% | 2025-09-23 | 2025-10-01 |
| CVE-2025-4993 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.06% | 2025-09-23 | 2026-04-01 |
| CVE-2025-4582 | Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 4.8 | 0.01% | 2025-09-23 | 2026-04-01 |
| CVE-2025-1255 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.06% | 2025-09-23 | 2025-10-02 |
| CVE-2025-1254 | Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 7.7 | 0.17% | 2025-05-08 | 2025-07-31 |
| CVE-2025-1253 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.08% | 2025-05-08 | 2025-07-31 |
| CVE-2025-1252 | Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.07% | 2025-05-08 | 2025-07-31 |
| CVE-2024-52066 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.66% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52065 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.21% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52064 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.21% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52063 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.61% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52062 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.29% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52061 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 1.15% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52060 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.69% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52059 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.35% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52058 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.6 | 0.69% | 2024-12-13 | 2025-10-02 |