CVE-2025-55093

Oct. 17, 2025, 5:15 a.m.

6.9
Medium

Description

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.

Product(s) Impacted

Vendor Product Versions
Eclipse Foundation
  • Netx Duo
  • Threadx
  • <6.4.4
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-126
Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a eclipse_foundation netx_duo <6.4.4 / / / / / / /
a eclipse_foundation threadx / / / / / / / /

References

https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-c9pq-93jp-w649

Tags

CWE-126
emo@eclipse.org
2025-10-17
CVE-2025-55093

CVSS Score

6.9 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Oct. 17, 2025, 5:15 a.m.
Last Modified: Oct. 17, 2025, 5:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

emo@eclipse.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.