CVE-2025-55081
Published: Oct 15, 2025
Modified: Oct 15, 2025
PUBLISHED
Description
In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain fields of the SSL/TLS ClientHello message: the ciphersuite length and the compression method length. An attacker-crafted message with values outside the expected range could cause an out-of-bounds read.
| Vendor | Product | Versions |
|---|---|---|
| Eclipse Foundation | NetX Duo | affected 0 - < 6.4.4 |
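
The kind of length validation the description says was missing, as an added example that is not NetX Duo code: a bounds-checked parser for the two ClientHello fields named above. The names `ch_parse`, `take`, `struct ch_view` and `ch_sample` are hypothetical, the field layout assumed is the TLS 1.2 ClientHello body from RFC 5246, and extensions after the compression list are not parsed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result type: where the two variable-length lists sit. */
struct ch_view {
    const uint8_t *suites;      size_t suites_len;      /* bytes, even */
    const uint8_t *compression; size_t compression_len;
};

/* Consume n bytes from the cursor; NULL if fewer than n remain. */
static const uint8_t *take(const uint8_t **p, size_t *left, size_t n)
{
    const uint8_t *start = *p;
    if (n > *left)
        return NULL;
    *p += n;
    *left -= n;
    return start;
}

/* Parse a ClientHello body (the bytes after the 4-byte handshake header).
 * Returns 0 on success, -1 when a declared length is out of range. */
int ch_parse(const uint8_t *buf, size_t len, struct ch_view *out)
{
    const uint8_t *p = buf, *f;
    size_t left = len, n;

    if (!take(&p, &left, 2 + 32))                 /* version + random */
        return -1;
    if (!(f = take(&p, &left, 1)) || f[0] > 32 || !take(&p, &left, f[0]))
        return -1;                                /* session_id <= 32 bytes */
    if (!(f = take(&p, &left, 2)))                /* cipher_suites length */
        return -1;
    n = ((size_t)f[0] << 8) | f[1];
    if (n < 2 || (n & 1) || !(out->suites = take(&p, &left, n)))
        return -1;                                /* non-empty, even, in buffer */
    out->suites_len = n;
    if (!(f = take(&p, &left, 1)) || f[0] < 1)    /* compression_methods length */
        return -1;
    n = f[0];
    if (!(out->compression = take(&p, &left, n)))
        return -1;                                /* list must fit in buffer */
    out->compression_len = n;
    return 0;
}

/* Constructed sample body: empty session_id, suite 0x002f, null compression. */
const uint8_t ch_sample[41] = { 3, 3, [36] = 2, [38] = 0x2f, [39] = 1 };
```

Every declared length is compared against the bytes actually remaining before the corresponding list is touched, so a crafted ciphersuite or compression length is rejected instead of being read past the end of the record.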
Weaknesses (CWE)