Aggregates CVE and security vulnerability intelligence across all Eclipse Foundation-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Historical issues involve various input-handling and memory-safety problems that may affect software stability and security.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-11966 | In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing malicious script or HTML content, leading to stored cross-site scripting (XSS) that executes in the context of users viewing the affected directory listing. | [email protected] | 2.3 | 0.27% | 2025-10-22 | 2026-01-20 |
| CVE-2025-11965 | In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config'). | [email protected] | 6.3 | 0.46% | 2025-10-22 | 2026-01-16 |
| CVE-2025-55086 | In NetX Duo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read. | [email protected] | 6.3 | 0.36% | 2025-10-20 | 2025-10-24 |
| CVE-2025-55085 | In NetX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior. | [email protected] | 8.8 | 0.55% | 2025-10-17 | 2025-10-27 |
| CVE-2025-55100 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies. | [email protected] | 2.4 | 0.51% | 2025-10-17 | 2025-10-23 |
| CVE-2025-55099 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields. | [email protected] | 2.4 | 0.35% | 2025-10-17 | 2025-10-23 |
| CVE-2025-55098 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of a USB audio device. | [email protected] | 1.0 | 0.30% | 2025-10-17 | 2025-10-23 |
| CVE-2025-55097 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of a USB streaming device. | [email protected] | 2.4 | 0.24% | 2025-10-17 | 2025-10-23 |
| CVE-2025-55096 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of a USB HID device. | [email protected] | 2.1 | 0.15% | 2025-10-17 | 2025-10-23 |
| CVE-2025-55094 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options. | [email protected] | 6.9 | 0.37% | 2025-10-17 | 2025-10-24 |
| CVE-2025-55087 | In NetX Duo's SNMP addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read via crafted SNMPv3 security parameters. | [email protected] | 6.3 | 0.41% | 2025-10-17 | 2025-10-24 |
| CVE-2025-55093 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory. | [email protected] | 6.9 | 0.29% | 2025-10-17 | 2025-10-24 |
| CVE-2025-55092 | In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option. | [email protected] | 6.9 | 0.30% | 2025-10-17 | 2025-10-24 |
| CVE-2025-55091 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in the _nx_ip_packet_receive() function when receiving an Ethernet frame with type set as IP but no IP data. | [email protected] | 6.9 | 0.34% | 2025-10-16 | 2025-10-21 |
| CVE-2025-55090 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in the _nx_ipv4_packet_receive() function when receiving an Ethernet frame with less than 4 bytes of IP packet. | [email protected] | 6.9 | 0.34% | 2025-10-16 | 2025-10-21 |
| CVE-2025-55089 | In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execution after receiving a crafted sequence of packets. | [email protected] | 9.2 | 0.47% | 2025-10-16 | 2026-01-20 |
| CVE-2025-55084 | In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field. | [email protected] | 6.9 | 0.30% | 2025-10-16 | 2025-10-21 |
| CVE-2025-55083 | In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting in an out-by-two out of bound read. | [email protected] | 6.9 | 0.23% | 2025-10-15 | 2025-10-21 |
| CVE-2025-55082 | In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message. | [email protected] | 6.9 | 0.23% | 2025-10-15 | 2025-10-21 |
| CVE-2025-55081 | In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message fields: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside of the expected range, it could cause an out-of-bound read. | [email protected] | 6.9 | 0.34% | 2025-10-15 | 2025-10-27 |