Stack Overflow Vulnerability in USB Mass Storage Handling by ThreadX
CVE-2025-55095

4.2MEDIUM

Key Information:

Vendor: Eclipse Foundation
Status: Eclipse Threadx - Usbx
Vendor: CVE Published:; 27 January 2026

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2025-55095?

The ThreadX USB Mass Storage Driver has a vulnerability in the function responsible for mounting USB partitions. This function lacks limits on recursion depth and fails to track visited sectors. Consequently, a malicious disk image could exploit this issue by presenting cyclic or deep chains of extended partitions, leading to a stack overflow. Such a scenario could potentially allow attackers to execute arbitrary code or disrupt system operations, highlighting the need for vigilance and appropriate security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Eclipse ThreadX - USBX 0 <= 6.4.2

References

https://github.com/eclipse-threadx/usbx/security/advisori...

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2026
Vulnerability Reserved
Aug 6, 2025

JSON

Eclipse Foundation