CVE-2025-55090
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-16

Last updated on: 2025-10-21

Assigner: Eclipse Foundation

Description
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-16
Last Modified
2025-10-21
Generated
2026-06-16
AI Q&A
2025-10-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-55090
EUVD
EUVD-2025-34724
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eclipse threadx_netx_duo to 6.4.4.202503 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-55090 is a vulnerability in NetX Duo (Eclipse ThreadX) versions before 6.4.4, specifically in the _nx_ipv4_packet_receive() function. This function reads the first 4 bytes of an IPv4 packet header without verifying that these bytes are within the valid bounds of the packet data. If an attacker sends an Ethernet frame with less than 4 bytes of IP data, it can cause an out-of-bounds read, potentially leading to a crash or information leak by reading memory outside the intended buffer. [1]

Impact Analysis

This vulnerability can be exploited remotely without any privileges or user interaction. It may cause the affected system to crash or leak information due to out-of-bounds memory reads. The impact is limited to low confidentiality loss, with no impact on integrity or availability. [1]

Detection Guidance

This vulnerability can be detected by monitoring for crashes or abnormal behavior in NetX Duo versions prior to 6.4.4 when processing IPv4 packets. Since the issue occurs when receiving Ethernet frames with less than 4 bytes of IP packet data, network packet capture tools like tcpdump or Wireshark can be used to identify suspicious small IPv4 packets. For example, using tcpdump to filter IPv4 packets with very small payloads could help detect potential exploit attempts: tcpdump -i <interface> 'ip and less 42' (assuming minimum IPv4 header size plus Ethernet frame). Additionally, monitoring system logs for crashes or memory access violations related to _nx_ipv4_packet_receive() may help detect exploitation attempts. However, no specific detection commands are provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade NetX Duo to version 6.4.4 or later, where the vulnerability in _nx_ipv4_packet_receive() has been patched. This update includes proper bounds checking to prevent out-of-bounds reads. Until the update can be applied, consider implementing network-level protections such as filtering or blocking suspicious Ethernet frames with abnormally small IPv4 packet sizes to reduce exposure. No other specific mitigations are detailed in the provided resources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55090. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart