CVE-2025-55087
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-24
Assigner: Eclipse Foundation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eclipse | threadx_netx_duo | to 6.4.4.202503 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-1285 | The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in NetX Duo's SNMP addon versions before 6.4.4 allows an attacker to cause an out-of-bounds read by sending specially crafted SNMPv3 security parameters. This means the attacker can make the software read memory outside the intended boundaries, potentially leading to information disclosure or application instability.
How can this vulnerability impact me?
The impact of this vulnerability includes potential unauthorized access to sensitive information due to out-of-bounds memory reads, which can lead to data leakage or application crashes. This could affect system reliability and confidentiality.