Out of Bound Read Vulnerability in NetX Duo Networking Support Module
CVE-2025-55094

6.9MEDIUM

Key Information:

Vendor: Eclipse Foundation
Status: Netx Duo
Vendor: CVE Published:; 17 October 2025

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2025-55094?

A potential out of bound read vulnerability has been identified in the networking support module of NetX Duo prior to version 6.4.4. This issue occurs in the function _nx_icmpv6_validate_options() and arises during the processing of packets containing ICMP6 options. If exploited, it could lead to information leaks or other unexpected behaviors in the application.

Affected Version(s)

NetX Duo 0 < 6.4.4

References

https://github.com/eclipse-threadx/netxduo/security/advis...

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Aug 6, 2025

Credit

Justin Stauffer

Ilja van Sprundel

JSON