Out-of-Bounds Read Vulnerability in NextX Duo's SNMP Add-on from Eclipse Foundation
CVE-2025-55087

6.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 17 October 2025

What is CVE-2025-55087?

In versions of NextX Duo's SNMP add-on prior to 6.4.4, an attacker may be able to trigger an out-of-bounds read by sending specially crafted SNMPv3 security parameters. The issue stems from how the SNMP add-on processes certain security parameters, and it could lead to information disclosure or other exploits. Users of the affected product should review their installations and apply the necessary updates.

Affected Version(s)

NextX Duo 0 < 6.4.4

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ekleezg