Out of Bound Read Vulnerability in USBX for Eclipse Foundation ThreadX
CVE-2025-55097

2.4 LOW

Key Information:

CVE Published: 17 October 2025

What is CVE-2025-55097?

USBX, the USB support module of Eclipse Foundation's ThreadX, contains a vulnerability in versions prior to 6.4.3. The issue can lead to an out-of-bounds read when processing the descriptor of a USB streaming device, potentially exposing sensitive data or causing unexpected behavior in applications that rely on USB functionality. Users should review the latest security advisories and update their software to mitigate the risk.

Affected Version(s)

USBX 0 < 6.4.3

CVSS V4

Score: 2.4
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
