CVE-2025-55081
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-27
Assigner: Eclipse Foundation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eclipse | threadx_netx_duo | to 6.4.4.202503 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the _nx_secure_tls_process_clienthello() function of Eclipse Foundation NetX Duo (ThreadX) before version 6.4.4. The function fails to properly verify the length of certain fields in the SSL/TLS ClientHello message, specifically the ciphersuite length and compression method length. An attacker can send a specially crafted ClientHello message with out-of-range length values, causing an out-of-bounds read (buffer over-read) which may expose sensitive information from adjacent memory. [1]
How can this vulnerability impact me?
The vulnerability can be exploited remotely over the network without any privileges or user interaction, and requires low attack complexity. The impact is limited to a low confidentiality loss due to potential exposure of sensitive information from memory adjacent to the buffer. There is no impact on integrity or availability of the system. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade NetX Duo (Eclipse ThreadX) to version 6.4.4 or later, where the issue in _nx_secure_tls_process_clienthello() has been fixed by adding proper length verification for the SSL/TLS ClientHello message fields. [1]
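The kind of length verification described above, as an added example (not NetX Duo source code and not the project's actual patch): a ClientHello body parser that checks the ciphersuite and compression method lengths against the bytes actually received before reading them. It goes slightly beyond the two fields named above by also bounding the session ID length; all names (`ch_parse`, `take`, `ch_demo`, the `CH_*` codes) and the sample message are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { CH_OK = 0, CH_TRUNCATED = -1, CH_BAD_LENGTH = -2 }; /* example codes */

struct ch_fields { const uint8_t *suites, *comp; size_t suites_len, comp_len; };

/* Hand out n bytes only if the record really contains them. */
static int take(const uint8_t **p, size_t *left, size_t n, const uint8_t **out)
{
    if (n > *left) return CH_TRUNCATED;
    *out = *p; *p += n; *left -= n;
    return CH_OK;
}

/* ClientHello body: version(2) random(32) session_id<0..32>
 * cipher_suites<2..2^16-2> compression_methods<1..2^8-1> [extensions]. */
int ch_parse(const uint8_t *buf, size_t len, struct ch_fields *f)
{
    const uint8_t *p = buf, *q;
    size_t left = len, n;

    if (take(&p, &left, 2 + 32, &q)) return CH_TRUNCATED;
    if (take(&p, &left, 1, &q)) return CH_TRUNCATED;      /* session_id length */
    if ((n = q[0]) > 32) return CH_BAD_LENGTH;
    if (take(&p, &left, n, &q)) return CH_TRUNCATED;
    if (take(&p, &left, 2, &q)) return CH_TRUNCATED;      /* cipher_suites length */
    n = ((size_t)q[0] << 8) | q[1];
    if (n == 0 || (n & 1)) return CH_BAD_LENGTH;          /* 2 bytes per suite */
    if (take(&p, &left, n, &f->suites)) return CH_TRUNCATED;
    f->suites_len = n;
    if (take(&p, &left, 1, &q)) return CH_TRUNCATED;      /* compression length */
    if ((n = q[0]) == 0) return CH_BAD_LENGTH;
    if (take(&p, &left, n, &f->comp)) return CH_TRUNCATED;
    f->comp_len = n;
    return CH_OK;
}

/* Constructed sample: 2 suites, 1 compression method; the two length
 * fields are caller-supplied so valid and out-of-range values can be tried. */
int ch_demo(unsigned suites_len, unsigned comp_len)
{
    uint8_t m[43] = { 0x03, 0x03 };            /* version; random, sid_len = 0 */
    struct ch_fields f;
    m[35] = (uint8_t)(suites_len >> 8); m[36] = (uint8_t)suites_len;
    m[37] = 0x00; m[38] = 0x2f; m[39] = 0x00; m[40] = 0x35;
    m[41] = (uint8_t)comp_len;                 /* m[42] = 0: null compression */
    return ch_parse(m, sizeof m, &f);
}
```

Every read goes through `take()`, so a length field larger than the remaining record is rejected before any byte beyond the buffer is touched.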