This page lists publicly disclosed CVE vulnerabilities affecting eclipse threadx_netx_duo (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-55102 | A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network packet of "Packet Too Big" with more than 15 different source address can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 8.7 | 0.02% | 2026-01-27 | 2026-04-02 |
| CVE-2025-55086 | In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read. | [email protected] | 6.3 | 0.05% | 2025-10-20 | 2025-10-24 |
| CVE-2025-55085 | In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior. | [email protected] | 8.8 | 0.19% | 2025-10-17 | 2025-10-27 |
| CVE-2025-55094 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options. | [email protected] | 6.9 | 0.05% | 2025-10-17 | 2025-10-24 |
| CVE-2025-55087 | In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters. | [email protected] | 6.3 | 0.11% | 2025-10-17 | 2025-10-24 |
| CVE-2025-55093 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory. | [email protected] | 6.9 | 0.04% | 2025-10-17 | 2025-10-24 |
| CVE-2025-55092 | In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option. | [email protected] | 6.9 | 0.03% | 2025-10-17 | 2025-10-24 |
| CVE-2025-55091 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data. | [email protected] | 6.9 | 0.06% | 2025-10-16 | 2025-10-21 |
| CVE-2025-55090 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet. | [email protected] | 6.9 | 0.06% | 2025-10-16 | 2025-10-21 |
| CVE-2025-55084 | In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field. | [email protected] | 6.9 | 0.03% | 2025-10-16 | 2025-10-21 |
| CVE-2025-55083 | In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read. | [email protected] | 6.9 | 0.03% | 2025-10-15 | 2025-10-21 |
| CVE-2025-55082 | In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message. | [email protected] | 6.9 | 0.03% | 2025-10-15 | 2025-10-21 |
| CVE-2025-55081 | In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside of the expected range, it could cause an out-of-bound read. | [email protected] | 6.9 | 0.06% | 2025-10-15 | 2025-10-27 |
| CVE-2025-2260 | In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support. This issue follows an incomplete fix of CVE-2025-0726. | [email protected] | 7.1 | 0.19% | 2025-04-06 | 2025-07-31 |
| CVE-2025-2259 | In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727 | [email protected] | 5.3 | 0.16% | 2025-04-06 | 2025-07-31 |
| CVE-2025-2258 | In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an uncomplete fix in CVE-2025-0728. | [email protected] | 5.3 | 0.16% | 2025-04-06 | 2025-07-31 |
| CVE-2025-0728 | In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. | [email protected] | 5.3 | 0.35% | 2025-02-21 | 2025-07-31 |
| CVE-2025-0727 | In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. | [email protected] | 5.3 | 0.35% | 2025-02-21 | 2025-07-31 |
| CVE-2025-0726 | In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support. | [email protected] | 7.1 | 0.36% | 2025-02-21 | 2025-07-31 |
| CVE-2024-2452 | In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows. | [email protected] | 7.0 | 0.14% | 2024-03-26 | 2025-02-13 |