Eclipse Foundation ThreadX Vulnerability in NetX Duo Software
CVE-2025-55084

6.9MEDIUM

Key Information:

Vendor: Eclipse Foundation
Status: Netx Duo
Vendor: CVE Published:; 16 October 2025

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2025-55084?

An improper bound check exists in the in_nx_secure_tls_proc_clienthello_supported_versions_extension() function of Eclipse Foundation's ThreadX component used in NetX Duo before version 6.4.4. This vulnerability could potentially allow attackers to exploit the version field in client hello messages, potentially leading to unauthorized access or denial of service.

Affected Version(s)

NetX Duo 0 < 6.4.4

References

https://github.com/eclipse-threadx/netxduo/security/advis...

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Aug 6, 2025

Credit

Justin Stauffer

Ilya van Sprundel

JSON