CVE-2025-55089
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-10-16
Assigner: Eclipse Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eclipse | threadx | * |
| eclipse | threadx_filex | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55089 is a critical buffer overflow vulnerability in the FileX RAM disk driver component of Eclipse ThreadX FileX before version 6.4.2. The issue occurs because the driver does not properly validate that the total sectors multiplied by sector size fits within the allocated RAM disk memory buffer. When processing certain network requests, such as a PUT request via the NetXDuo HTTP server, the driver copies data to a calculated memory location without bounds checking, which can overflow the buffer and overwrite adjacent memory. This can lead to remote code execution without requiring privileges or user interaction. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to remotely execute arbitrary code on a system running a vulnerable version of FileX with the RAM disk driver configured unsafely. Because the attack requires no privileges or user interaction and can be performed over the network, it poses a critical risk to system confidentiality, integrity, and availability. Exploitation can cause crashes or allow full system compromise. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or segmentation faults (e.g., SIGSEGV at address 0x41414141) in systems running vulnerable versions of FileX before 6.4.2, especially when using the RAM disk driver. Detection can also involve analyzing network traffic for suspicious PUT requests to the NetXDuo HTTP server that might trigger the buffer overflow. Specific commands are not provided in the resources, but monitoring system logs for crashes and using network packet capture tools (e.g., tcpdump or Wireshark) to inspect PUT requests targeting the RAM disk driver could help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading FileX to version 6.4.2 or later, where the vulnerability is patched. Additionally, ensure that the product configuration enforces the condition that (total sectors * sector size) is less than the size of the RAM disk memory buffer during fx_media_format initialization to prevent buffer overflows. Avoid using unsafe sample configurations that initialize the RAM disk driver with incorrect parameters. [1]