QwikSec

Security Database

CVE

CWE

Training

CVE-2025-0728

Published: Feb 21, 2025

Modified: Feb 21, 2025

PUBLISHED

Description

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support.

Vendor	Product	Versions
Eclipse Foundation	ThreadX	affected `0 - < 6.4.1`

Weaknesses (CWE)

References

https://github.com/eclipse-threadx/netxduo/commit/c78d650be7377aae1a8704bc0ce5cc6f9f189014

patch

https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-hqp7-4q26-6wqf

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2025-0728 - Security Vulnerability | QwikSec