CVE-2025-55085

Summary

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior.

Affected Software

VendorProductVersion RangeStatus
Eclipse FoundationNetX Duo0 < 6.4.4affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read
  • CWE-1286: CWE-1286

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References