CVE-2025-55081
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-55081, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-15

Last updated on: 2025-10-27

Assigner: Eclipse Foundation

Description

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside of the expected range, it could cause an out-of-bound read.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-15
Last Modified
2025-10-27
Generated
2026-07-06
AI Q&A
2025-10-15
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
eclipse threadx_netx_duo to 6.4.4.202503 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the _nx_secure_tls_process_clienthello() function of Eclipse Foundation NextX Duo (ThreadX) before version 6.4.4. The function fails to properly verify the length of certain fields in the SSL/TLS ClientHello message, specifically the ciphersuite length and compression method length. An attacker can send a specially crafted ClientHello message with out-of-range length values, causing an out-of-bounds read (buffer over-read) which may expose sensitive information from adjacent memory. [1]

Impact Analysis

The vulnerability can be exploited remotely over the network without any privileges or user interaction, and requires low attack complexity. The impact is limited to a low confidentiality loss due to potential exposure of sensitive information from memory adjacent to the buffer. There is no impact on integrity or availability of the system. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade NetX Duo (Eclipse ThreadX) to version 6.4.4 or later, where the issue in _nx_secure_tls_process_clienthello() has been fixed by adding proper length verification for the SSL/TLS ClientHello message fields. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55081. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart