Out of Bound Read Vulnerability in NetX Duo Networking Module by Eclipse Foundation
CVE-2025-55091

6.9 MEDIUM

Key Information:

CVE Published: 16 October 2025

What is CVE-2025-55091?

The NetX Duo networking support module for the Eclipse Foundation's ThreadX contains a vulnerability that can lead to an out-of-bounds read. The issue occurs in the _nx_ip_packet_receive() function when the module processes an Ethernet frame that is identified as carrying IP data but contains no actual IP content. This condition can lead to unpredictable behavior and can threaten the integrity of the network communications handled by affected versions of the software.
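The bug class described above, as an added illustration that is not NetX Duo code and is not taken from the project's fix: a receive-path classifier that trusts the EtherType only after proving that IP bytes are actually present. The function name, verdict enum and sample frames are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN    14u      /* dst MAC + src MAC + EtherType */
#define ETHERTYPE_IPV4 0x0800u
#define ETHERTYPE_IPV6 0x86DDu

typedef enum { RX_DROP = 0, RX_OTHER = 1, RX_IPV4 = 4, RX_IPV6 = 6 } rx_verdict;

/* Constructed sample frames: header-only "IPv4" frame, and a minimal valid one. */
const uint8_t FRAME_EMPTY_IP[14] = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00};
const uint8_t FRAME_IPV4_OK[34]  = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00, 0x45};

/* Hypothetical classifier (assumption: frame points at the Ethernet header). */
rx_verdict classify_frame(const uint8_t *frame, size_t len)
{
    if (frame == NULL || len < ETH_HDR_LEN)
        return RX_DROP;
    uint16_t ethertype = (uint16_t)((frame[12] << 8) | frame[13]);
    if (ethertype != ETHERTYPE_IPV4 && ethertype != ETHERTYPE_IPV6)
        return RX_OTHER;

    /* The EtherType is only a claim. Reading the version nibble without
       this check is the out-of-bounds read when the payload is empty. */
    size_t ip_len = len - ETH_HDR_LEN;
    if (ip_len == 0)
        return RX_DROP;
    const uint8_t *ip = frame + ETH_HDR_LEN;
    uint8_t version = (uint8_t)(ip[0] >> 4);

    if (ethertype == ETHERTYPE_IPV4 && version == 4) {
        size_t ihl = (size_t)(ip[0] & 0x0Fu) * 4u;   /* header length in bytes */
        return (ihl >= 20u && ip_len >= ihl) ? RX_IPV4 : RX_DROP;
    }
    if (ethertype == ETHERTYPE_IPV6 && version == 6)
        return (ip_len >= 40u) ? RX_IPV6 : RX_DROP;  /* fixed IPv6 header */
    return RX_DROP;                                  /* EtherType/version mismatch */
}

int main(void)
{
    printf("empty IP payload -> %d\n", (int)classify_frame(FRAME_EMPTY_IP, sizeof FRAME_EMPTY_IP));
    printf("minimal IPv4     -> %d\n", (int)classify_frame(FRAME_IPV4_OK, sizeof FRAME_IPV4_OK));
    return 0;
}
```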

Affected Version(s)

NetX Duo 0 < 6.4.4

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Justin Stauffer
Ilja van Sprundel