CVE-2025-55091 MEDIUM

CVE-2025-55091: Potential out of bound read in _nx_ip_packet_receive()

Vendor Eclipse Foundation
Product NetX Duo
Weakness CWE-125
Published October 16, 2025
Last update October 16, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.

Key dates

02Disclosure timeline

October 16, 2025 CVE published
October 16, 2025 Record updated

Related vulnerabilities

04Related CVE