Out of Bounds Read Vulnerability in NetX Duo from Eclipse Foundation
CVE-2025-55092

6.9MEDIUM

Key Information:

Vendor: Eclipse Foundation
Status: Netx Duo
Vendor: CVE Published:; 17 October 2025

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2025-55092?

The NetX Duo networking support module from Eclipse Foundation has a vulnerability that could lead to an out of bounds read in the _nx_ipv4_option_process() function. This occurs when processing an IPv4 packet that contains a timestamp option, potentially exposing sensitive data or causing unexpected behavior in applications relying on this module. Users are encouraged to update to version 6.4.4 or later to mitigate this issue.

Affected Version(s)

NetX Duo 0 < 6.4.4

References

https://github.com/eclipse-threadx/netxduo/security/advis...

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Aug 6, 2025

Credit

Justin Stauffer

Ilja van Sprundel

JSON