Out of Bound Read Vulnerability in Eclipse Foundation ThreadX USB Support Module
CVE-2025-55099

2.4 LOW

Key Information:

Status
Vendor
CVE Published: 17 October 2025

What is CVE-2025-55099?

USBX, the USB support module for Eclipse Foundation ThreadX, contains a potential out-of-bounds read in versions prior to 6.4.3. The issue occurs in the function _ux_host_class_audio_alternate_setting_locate() when it processes descriptors whose frequency fields can be controlled by an attacker, posing a risk of unauthorized access to sensitive information.
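The kind of bounds check this class of bug calls for, as an added example that is not USBX code and not the project's fix. It assumes a USB Audio Class 1.0 Type I format descriptor, where bSamFreqType gives the number of 3-byte sampling-frequency entries that follow; the function name uac1_rate_supported and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CS_INTERFACE 0x24u /* class-specific interface descriptor type */
#define FORMAT_TYPE  0x02u /* descriptor subtype carrying the rates */
#define FMT_HDR_LEN  8u    /* bytes before the tSamFreq table */

/* Constructed samples: two real rates, then a count (40) larger than bLength allows. */
static const uint8_t sample_ok[]  = {14, 0x24, 0x02, 1, 2, 2, 16, 2, 0x44, 0xAC, 0x00, 0x80, 0xBB, 0x00};
static const uint8_t sample_bad[] = {11, 0x24, 0x02, 1, 2, 2, 16, 40, 0x80, 0xBB, 0x00};

static uint32_t rd24(const uint8_t *p) /* little-endian 24-bit field */
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16);
}

/* 1 = rate advertised, 0 = not advertised, -1 = malformed descriptor data. */
int uac1_rate_supported(const uint8_t *buf, size_t len, uint32_t rate_hz)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 2) return -1;                 /* no room for bLength/bDescriptorType */
        size_t dlen = buf[off];
        if (dlen < 2 || dlen > len - off) return -1;  /* descriptor must fit the buffer */
        const uint8_t *d = buf + off;
        if (dlen >= 3 && d[1] == CS_INTERFACE && d[2] == FORMAT_TYPE) {
            if (dlen < FMT_HDR_LEN) return -1;
            size_t n = d[7];                          /* bSamFreqType: device-supplied count */
            size_t entries = n ? n : 2;               /* 0 means a lower/upper range pair */
            if (FMT_HDR_LEN + 3 * entries > dlen) return -1; /* table must fit in bLength */
            const uint8_t *t = d + FMT_HDR_LEN;
            if (n == 0) {
                if (rate_hz >= rd24(t) && rate_hz <= rd24(t + 3)) return 1;
            }
            for (size_t i = 0; i < n; i++)
                if (rd24(t + 3 * i) == rate_hz) return 1;
        }
        off += dlen;
    }
    return 0;
}

int main(void)
{
    printf("ok/48000:  %d\n", uac1_rate_supported(sample_ok, sizeof sample_ok, 48000));
    printf("bad/48000: %d\n", uac1_rate_supported(sample_bad, sizeof sample_bad, 48000));
    return 0;
}
```

The count is validated against bLength before any table entry is read, so the oversized sample is rejected even though its first entry would have matched.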

Affected Version(s)

USBX 0 < 6.4.3

References

CVSS V4

Score: 2.4
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Physical
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
