CVE-2025-55081
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-15

Last updated on: 2025-10-27

Assigner: Eclipse Foundation

Description
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside of the expected range, it could cause an out-of-bound read.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-15
Last Modified
2025-10-27
Generated
2026-06-16
AI Q&A
2025-10-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-55081
EUVD
EUVD-2025-34608
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eclipse threadx_netx_duo to 6.4.4.202503 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the _nx_secure_tls_process_clienthello() function of Eclipse Foundation NextX Duo (ThreadX) before version 6.4.4. The function fails to properly verify the length of certain fields in the SSL/TLS ClientHello message, specifically the ciphersuite length and compression method length. An attacker can send a specially crafted ClientHello message with out-of-range length values, causing an out-of-bounds read (buffer over-read) which may expose sensitive information from adjacent memory. [1]

Impact Analysis

The vulnerability can be exploited remotely over the network without any privileges or user interaction, and requires low attack complexity. The impact is limited to a low confidentiality loss due to potential exposure of sensitive information from memory adjacent to the buffer. There is no impact on integrity or availability of the system. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade NetX Duo (Eclipse ThreadX) to version 6.4.4 or later, where the issue in _nx_secure_tls_process_clienthello() has been fixed by adding proper length verification for the SSL/TLS ClientHello message fields. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55081. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart