CVE-2025-55078 MEDIUM

CVE-2025-55078: Incomplete validation of kernel object pointers in system calls

Vendor Eclipse Foundation
Product ThreadX
Weakness CWE-233
Published October 14, 2025
Last update October 14, 2025

CVSS base score

5.7/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. The vulnerable system calls did check pointers, but that check did not verify whether the pointer is outside the module memory region.

Key dates

02 Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated