彙總 rti 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 緩衝區溢位、記憶體損壞與XXE 相關,可能在 軟體部署與生產負載 場景中帶來 應用程式崩潰與記憶體損壞 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-14543 | Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.8 | 0.04% | 2026-04-30 | 2026-05-04 |
| CVE-2026-4374 | Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat... | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.8 | 0.04% | 2026-04-01 | 2026-04-21 |
| CVE-2026-2394 | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.3 | 0.03% | 2026-04-01 | 2026-04-14 |
| CVE-2025-10450 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.03% | 2025-12-16 | 2026-04-01 |
| CVE-2025-8410 | Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 5.8 | 0.05% | 2025-09-23 | 2025-10-01 |
| CVE-2025-4993 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.06% | 2025-09-23 | 2026-04-01 |
| CVE-2025-4582 | Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 4.8 | 0.01% | 2025-09-23 | 2026-04-01 |
| CVE-2025-1255 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.06% | 2025-09-23 | 2025-10-02 |
| CVE-2025-1254 | Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 7.7 | 0.17% | 2025-05-08 | 2025-07-31 |
| CVE-2025-1253 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.08% | 2025-05-08 | 2025-07-31 |
| CVE-2025-1252 | Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.07% | 2025-05-08 | 2025-07-31 |
| CVE-2024-52066 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.66% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52065 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.21% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52064 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.21% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52063 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.61% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52062 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.29% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52061 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 1.15% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52060 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.3 | 0.69% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52059 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 6.9 | 0.35% | 2024-12-13 | 2025-10-02 |
| CVE-2024-52058 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19. | 3f572a00-62e2-4423-959a-7ea25eff1638 | 8.6 | 0.69% | 2024-12-13 | 2025-10-02 |