Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-55085

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior.

Published

2025-10-17T15:15:38.907

Last Modified

2025-10-27T14:33:47.567

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-125
CWE-1286

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	eclipse	threadx_netx_duo	< 6.4.4.202503	Yes

References

https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-9c77-rgp9-c2g2 Exploit, Vendor Advisory ([email protected])