Denial of Service Vulnerability in Eclipse ThreadX NetX Duo HTTP Server
CVE-2025-0726

7.1HIGH

Key Information:

Vendor: Eclipse Foundation
Status: Threadx
Vendor: CVE Published:; 21 February 2025

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2025-0726?

Eclipse ThreadX NetX Duo, prior to version 6.4.2, contains a vulnerability in its HTTP server functionality that allows attackers to execute a denial of service attack. The core problem arises from inadequate handling of error conditions, which causes the server to fail to close files correctly leading to continuous 404 errors upon subsequent file requests. To mitigate this issue, users can disable PUT request support as a temporary workaround. For a permanent resolution, upgrading to a patched version is recommended.

Affected Version(s)

ThreadX 0 < 6.4.1

References

https://github.com/eclipse-threadx/netxduo/commit/c78d650...

https://github.com/eclipse-threadx/netxduo/security/advis...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2025
Vulnerability Reserved
Jan 27, 2025

Credit

Kelly Patterson of Cisco Talos