CVE-2025-14543 -- CVSS 9.1 Vulnerability Briefing
CVE-2025-14543 | CVSS 9.1 (Critical) | Exploit: No known exploit
What Is It
CVE-2025-14543 is an XML External Entity (XXE) injection vulnerability in the RTI Connext Professional Core Libraries, reported as affecting versions 7.4.0 and later. An attacker who can supply or influence serialized XML data processed by the library can declare external entities that the parser resolves, causing it to reference and retrieve external or local resources on the attacker's behalf.
Technical Detail
The flaw stems from improper restriction of XML external entity references within the Core Libraries component of RTI Connext Professional, a widely deployed Data Distribution Service (DDS) middleware used in real-time and safety-critical systems. An attacker who can supply or influence serialized data processed by the library can craft a malicious XML document containing a DOCTYPE with external entity declarations (for example, a SYSTEM entity pointing at a local file path or a URL). When the parser expands such an entity it reads the local file or initiates an outbound connection from the host, and the fetched content can end up wherever the application places the affected field. Depending on deployment context, successful exploitation could result in sensitive data exfiltration, server-side request forgery (SSRF), or denial of service; the CVSS score of 9.1 reflects the high impact to confidentiality and integrity.
Exploitation Status
No known exploit code has been observed in the wild as of this writing, and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog. No public proof-of-concept or operational exploit has been documented, so exploit maturity is assessed as unconfirmed. However, XXE vulnerabilities in middleware components are well understood by the research community and can typically be weaponized with moderate effort once a reachable parser and an input path are identified.
Who Is Targeting This
No specific threat actor attribution at this time, and no campaigns or targeted sectors have been formally associated with this vulnerability. Given that RTI Connext Professional is commonly deployed in industrial control systems, autonomous vehicles, aerospace, and defense applications, organizations operating in those verticals should treat this as elevated risk even in the absence of confirmed targeting.
What To Do
Organizations running RTI Connext Professional version 7.4.0 or later should apply vendor-supplied patches as a priority, given the critical CVSS score and the sensitive nature of typical deployment environments. If patching cannot be applied immediately, restrict network access to DDS endpoints so that only trusted, authenticated nodes can submit serialized data to the affected libraries. Where the application framework permits it, disable external entity resolution at the XML parser configuration level; rejecting DOCTYPE declarations outright from untrusted input is the more robust setting, since it also removes internal-entity expansion attacks that a narrower "no external entities" switch leaves in place. Monitor outbound network connections from DDS middleware hosts for anomalous DNS lookups or HTTP requests, which may indicate XXE exploitation attempts. Contact RTI directly to confirm the latest patched release and to verify whether any compensating controls are recommended for your specific deployment configuration.
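The following Python example is added to this briefing to illustrate both the mechanism described under Technical Detail and the parser-hardening control recommended above. It is not RTI code and makes no claim about how the Connext Core Libraries parse XML internally: it uses the standard-library expat binding to model a parser that resolves SYSTEM entities (the vulnerable configuration) next to one that rejects any DOCTYPE from untrusted input (the hardened configuration). The "secret" file, the payload, and the element names are constructed for the demonstration.

```python
import os
import tempfile
import xml.parsers.expat


class XXEDetected(Exception):
    """Raised by the hardened parser when untrusted input carries a DOCTYPE."""


def write_secret_file(content="hostname=dds-node-01\n"):
    # Constructed stand-in for a sensitive local file (a key file, /etc/passwd, ...).
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as f:
        f.write(content)
    return path


def build_xxe_payload(target_path):
    # Classic XXE payload: an external general entity whose SYSTEM identifier is a
    # local path, referenced from a field the application later stores or logs.
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE topic [\n"
        f'  <!ENTITY xxe SYSTEM "{target_path}">\n'
        "]>\n"
        "<topic><name>&xxe;</name></topic>"
    )


def parse_text(payload, allow_external_entities):
    """Parse an XML document and return its concatenated character data.

    allow_external_entities=True models the vulnerable configuration: the
    parser resolves SYSTEM entities by reading the named resource.
    allow_external_entities=False models the hardened configuration: any
    DOCTYPE is rejected before an entity can be declared at all.
    """
    parser = xml.parsers.expat.ParserCreate()
    chunks = []

    def character_data(data):
        chunks.append(data)

    def resolve_external_entity(context, base, system_id, public_id):
        # Vulnerable behaviour: the entity is resolved by reading the path, so the
        # file's contents become part of the parsed document. A resolver that also
        # fetched http:// URLs here would give the attacker SSRF and exfiltration.
        try:
            with open(system_id, "r") as f:
                chunks.append(f.read())
        except OSError:
            pass
        return 1  # tell expat to keep parsing

    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise XXEDetected(
            f"DOCTYPE '{doctype_name}' rejected: DTDs are not accepted from untrusted data"
        )

    parser.CharacterDataHandler = character_data
    if allow_external_entities:
        parser.ExternalEntityRefHandler = resolve_external_entity
    else:
        parser.StartDoctypeDeclHandler = reject_doctype
    parser.Parse(payload, True)
    return "".join(chunks)


def run_demo():
    """Return (what the vulnerable parser leaked, whether the hardened parser blocked it)."""
    secret_path = write_secret_file()
    payload = build_xxe_payload(secret_path)
    try:
        leaked = parse_text(payload, allow_external_entities=True)
        try:
            parse_text(payload, allow_external_entities=False)
            blocked = False
        except XXEDetected:
            blocked = True
    finally:
        os.remove(secret_path)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = run_demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser blocked the payload:", blocked)
```

The vulnerable path returns the secret file's contents as the text of the name element, which is exactly the data-exfiltration outcome the briefing describes; the hardened path fails fast on the DOCTYPE and still parses ordinary documents without one. Whatever XML library a given deployment actually uses, the control to verify is the same: untrusted input must not be able to declare entities, and the parser must not be handed a resolver that opens files or sockets.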