Aggregates CVE and security vulnerability intelligence across all rti-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow, vendor risk memory corruption, and vendor risk xxe and related problems; some flaws may lead to vendor impact application crash and vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-14543 | Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.8 | 0.04% | 2026-04-30 | 2026-05-04 |
| CVE-2026-4374 | Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat... | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.8 | 0.04% | 2026-04-01 | 2026-04-21 |
| CVE-2026-2394 | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.3 | 0.03% | 2026-04-01 | 2026-04-14 |
| CVE-2025-10450 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.03% | 2025-12-16 | 2026-04-01 |
| CVE-2025-8410 | Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 5.8 | 0.03% | 2025-09-23 | 2025-10-01 |
| CVE-2025-4993 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.06% | 2025-09-23 | 2026-04-01 |
| CVE-2025-4582 | Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 4.8 | 0.01% | 2025-09-23 | 2026-04-01 |
| CVE-2025-1255 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.06% | 2025-09-23 | 2025-10-02 |
| CVE-2025-1254 | Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 7.7 | 0.17% | 2025-05-08 | 2025-07-31 |
| CVE-2025-1253 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.08% | 2025-05-08 | 2025-07-31 |
| CVE-2025-1252 | Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.07% | 2025-05-08 | 2025-07-31 |
| CVE-2024-52066 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.66% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52065 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.21% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52064 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.21% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52063 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.61% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52062 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.29% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52061 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 1.15% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52060 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.69% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52059 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.35% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52058 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.6 | 0.69% | 2024-12-13 | 2025-10-02 |