Networking Module Vulnerability in Eclipse Foundation's ThreadX
CVE-2025-55086

6.3MEDIUM

Key Information:

Vendor: Eclipse Foundation
Status: Nextx Duo
Vendor: CVE Published:; 20 October 2025

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2025-55086?

In versions of NetXDuo prior to 6.4.4, a vulnerability exists within the networking support module for Eclipse Foundation's ThreadX. This concern specifically arises in the DHCPV6 client, where an unchecked index can lead to unauthorized extraction of the server DUID from the server's reply. By crafting a malicious packet, an attacker may exploit this flaw, potentially resulting in an out-of-bounds memory read.

Affected Version(s)

NextX Duo 0 < 6.4.4

References

https://github.com/eclipse-threadx/netxduo/security/advis...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Aug 6, 2025

Credit

ekleezg

JSON