CVE-2025-55078
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-14

Last updated on: 2025-10-21

Assigner: Eclipse Foundation

Description
In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-14
Last Modified
2025-10-21
Generated
2026-06-16
AI Q&A
2025-10-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-55078
EUVD
EUVD-2025-34143
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eclipse threadx to 6.4.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-233 The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-55078 is a vulnerability in the ThreadX real-time operating system where certain system calls accept kernel object pointers but do not properly verify if these pointers reference valid, mapped kernel memory. Instead, they only check if the pointer is outside the module memory region. An attacker with local access can supply pointers to reserved or unmapped memory areas, causing the system to dereference invalid memory and crash. This leads to a denial-of-service (DoS) condition until the system is rebooted. [1]

Impact Analysis

This vulnerability can cause your system running ThreadX (versions before 6.4.3) to crash unexpectedly when an attacker supplies invalid kernel object pointers. The impact is a denial-of-service condition resulting in loss of system availability. The attacker needs only low privileges and local access, and no user interaction is required. There is no impact on confidentiality or integrity, but the system will remain down until rebooted. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for system crashes such as HardFault or BusFault exceptions on ARM Cortex-M processors caused by invalid kernel object pointer dereferences. Since the exploit requires local access and involves supplying invalid pointers to ThreadX system calls, detection may include auditing logs for crashes related to timer_create, thread_terminate, semaphore_get, queue_send, mutex_create, event_flags_set, byte_allocate, and block_allocate system calls. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Eclipse ThreadX to version 6.4.3 or later, where the vulnerability has been patched. This update includes improved pointer validation to prevent supplying pointers to reserved or unmapped memory regions. Until the upgrade is applied, restrict local access to the system to trusted users only to reduce the risk of exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55078. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart