Denial of Service Vulnerability in Eclipse ThreadX NetX Duo
CVE-2025-2260

7.1 HIGH

Key Information:

CVE Published: 6 April 2025

Summary

A denial of service vulnerability exists in the HTTP server functionality of Eclipse ThreadX NetX Duo prior to version 6.4.3. An attacker can send specially crafted packets that exploit improper error handling, after which the server returns continuous 404 errors for subsequent file requests. Users can temporarily mitigate the issue by disabling PUT request support. The flaw reflects an incomplete fix for a previous vulnerability. Update to the fixed version to address it.

Affected Version(s)

ThreadX 0 < 6.4.2

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kelly Patterson of Cisco Talos