汇总 rti 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 缓冲区溢出、内存损坏与XXE 相关,可能在 软件部署与生产负载 场景中带来 应用崩溃与内存损坏 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-14543 | Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.8 | 0.21% | 2026-04-30 | 2026-05-04 |
| CVE-2026-4374 | Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat... | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.8 | 0.24% | 2026-04-01 | 2026-04-21 |
| CVE-2026-2394 | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.3 | 0.16% | 2026-04-01 | 2026-04-14 |
| CVE-2025-10450 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.20% | 2025-12-16 | 2026-04-01 |
| CVE-2025-8410 | Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 5.8 | 0.19% | 2025-09-23 | 2025-10-01 |
| CVE-2025-4993 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.34% | 2025-09-23 | 2026-04-01 |
| CVE-2025-4582 | Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 4.8 | 0.12% | 2025-09-23 | 2026-04-01 |
| CVE-2025-1255 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.34% | 2025-09-23 | 2025-10-02 |
| CVE-2025-1254 | Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 7.7 | 0.17% | 2025-05-08 | 2025-07-31 |
| CVE-2025-1253 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.08% | 2025-05-08 | 2025-07-31 |
| CVE-2025-1252 | Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.07% | 2025-05-08 | 2025-07-31 |
| CVE-2024-52066 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.28% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52065 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.21% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52064 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.21% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52063 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.32% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52062 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.17% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52061 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.44% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52060 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.31% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52059 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.17% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52058 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.6 | 0.62% | 2024-12-13 | 2025-10-02 |