CVE-2025-55096
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-23
Assigner: Eclipse Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eclipse | threadx_usbx | to 6.4.3.202503 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bound read issue in the USB support module of USBX (before version 6.4.3) for the Eclipse Foundation ThreadX. It occurs in the function _ux_host_class_hid_report_descriptor_get() when parsing the descriptor of a USB HID device, potentially causing the software to read memory outside the intended bounds.
How can this vulnerability impact me? :
The impact of this vulnerability could include potential information disclosure or software instability due to reading memory out of bounds. However, the CVSS score is low (2.1), indicating limited impact and requiring local access with high attack complexity and no user interaction.