Out of Bound Read Issue in USB Support Module for Eclipse Foundation ThreadX
CVE-2025-55096

2.1LOW

Key Information:

Vendor: Eclipse Foundation
Status: Netx Duo
Vendor: CVE Published:; 17 October 2025

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2025-55096?

A potential out of bound read vulnerability exists in the USB support module of Eclipse Foundation ThreadX versions prior to 6.4.3. This vulnerability can be triggered when the system attempts to parse the descriptor of a USB HID device, which may lead to unexpected behavior or data leakage. It is crucial for users and developers relying on USBX to address this issue promptly to ensure the integrity and security of their applications.

Affected Version(s)

NetX Duo 0 < 6.4.3

References

https://github.com/eclipse-threadx/usbx/security/advisori...

vendor-advisory

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Aug 6, 2025

JSON