CVE-2025-55085 HIGH

CVE-2025-55085: Web http client: Unchecked Server-Side Malicious Packet Issue

Vendor Eclipse Foundation
Product NetX Duo
Weakness CWE-125
Published October 17, 2025
Last update October 20, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

In NetX Duo before 6.4.4, the network support code for Eclipse Foundation ThreadX, the HTTP client module parsed HTTP header fields without bounds verification. A crafted server response could cause undefined behavior.

Key dates

02 Disclosure timeline

October 17, 2025 CVE published
October 20, 2025 Record updated