CVE-2025-55083 - Vulnerability Details - OpenCVE

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eclipse	Threadx Netx Duo

Configuration 1 [-]

cpe:2.3:a:eclipse:threadx_netx_duo:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-9hw5-4xcv-jprm

History

Tue, 21 Oct 2025 17:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:eclipse:threadx_netx_duo::::::::
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

Tue, 21 Oct 2025 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Eclipse Eclipse threadx Netx Duo
Vendors & Products		Eclipse Eclipse threadx Netx Duo

Wed, 15 Oct 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.
Title		Broken bounds check in Broken bounds check in _nx_secure_tls_process_clienthello_psk_extension()
Weaknesses		CWE-126
References		https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-9hw5-4xcv-jprm
Metrics		cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2025-10-15T14:11:23.044Z

Updated: 2025-10-15T14:11:23.044Z

Reserved: 2025-08-06T18:32:14.666Z

Link: CVE-2025-55083

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-10-15T15:16:04.217

Modified: 2025-10-21T17:04:27.283

Link: CVE-2025-55083

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-55083", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "state": "PUBLISHED", "assignerShortName": "eclipse", "dateReserved": "2025-08-06T18:32:14.666Z", "datePublished": "2025-10-15T14:11:23.044Z", "dateUpdated": "2025-10-15T14:11:23.044Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetX Duo", "repo": "https://github.com/eclipse-threadx/netxduo/", "vendor": "Eclipse Foundation", "versions": [{"lessThan": "6.4.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Justin Stauffer"}, {"lang": "en", "type": "finder", "value": "Ilya van Sprundel"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.<br>"}], "value": "In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2025-10-15T14:11:23.044Z"}, "references": [{"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-9hw5-4xcv-jprm"}], "source": {"discovery": "UNKNOWN"}, "title": "Broken bounds check in Broken bounds check in _nx_secure_tls_process_clienthello_psk_extension()", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:threadx_netx_duo:*:*:*:*:*:*:*:*", "matchCriteriaId": "24743F34-C00F-4CB2-BCEE-2BB29FA265CB", "versionEndExcluding": "6.4.4.202503", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read."}], "id": "CVE-2025-55083", "lastModified": "2025-10-21T17:04:27.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "emo@eclipse.org", "type": "Secondary"}]}, "published": "2025-10-15T15:16:04.217", "references": [{"source": "emo@eclipse.org", "tags": ["Vendor Advisory"], "url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-9hw5-4xcv-jprm"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-126"}], "source": "emo@eclipse.org", "type": "Primary"}]}