Denial of Service Vulnerability in Eclipse ThreadX NetX Duo
CVE-2025-2260

7.1HIGH

Key Information:

Vendor: Eclipse Foundation
Status: Threadx
Vendor: CVE Published:; 6 April 2025

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2025-2260?

A denial of service vulnerability exists in the HTTP server functionality of Eclipse ThreadX NetX Duo prior to version 6.4.3. This flaw allows an attacker to craft specific packets that exploit improper error handling, leading to continuous 404 errors for subsequent file requests. Although users may temporarily mitigate the issue by disabling PUT request support, it highlights an incomplete fix related to a previous vulnerability. Ensure you are using the updated version to safeguard against potential exploits.

Affected Version(s)

ThreadX 0 < 6.4.2

References

https://github.com/eclipse-threadx/netxduo/commit/fb3195b...

https://github.com/eclipse-threadx/netxduo/security/advis...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2025
Vulnerability Reserved
Mar 12, 2025

Credit

Kelly Patterson of Cisco Talos