Denial of Service Vulnerability in Eclipse ThreadX NetX Duo HTTP Server
CVE-2025-0726
7.1 HIGH
Key Information:
- Vendor: Eclipse Foundation
- Status
- Threadx
- Vendor
- CVE Published: 21 February 2025
Summary
Eclipse ThreadX NetX Duo, prior to version 6.4.2, contains a vulnerability in its HTTP server functionality that allows an attacker to cause a denial of service. The root cause is inadequate handling of error conditions: the server fails to close files correctly, which leads to continuous 404 errors on subsequent file requests. As a temporary workaround, users can disable PUT request support. For a permanent resolution, upgrading to a patched version is recommended.
Affected Version(s)
ThreadX 0 < 6.4.1
CVSS V4
Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kelly Patterson of Cisco Talos