CVE-2025-0727
Published: 21 February 2025
Summary
CVE-2025-0727 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Eclipse Threadx Netx Duo. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 49.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the integer underflow vulnerability in NetX HTTP server by applying the vendor-recommended patch to version 6.4.2.
Validates HTTP Content-Length headers and corresponding data sizes to prevent integer underflow during malformed PUT request processing.
Protects the system against denial-of-service caused by specially crafted large-file HTTP PUT packets triggering the underflow crash.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Integer underflow in public HTTP server directly enables remote exploitation causing application crash (Endpoint DoS via software vulnerability).
NVD Description
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one…
more
packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support.
Deeper analysisAI
CVE-2025-0727 is an integer underflow vulnerability (CWE-191) in the HTTP server functionality of Eclipse ThreadX NetX Duo versions prior to 6.4.2. The flaw occurs when processing specially crafted packets during file upload operations, where a Content-Length value in one packet is smaller than the actual data size in another packet, leading to an underflow during the handling of very large files. This affects embedded systems and IoT devices relying on NetX Duo for TCP/IP networking, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending malformed HTTP PUT requests with discrepant Content-Length and data sizes, the attacker triggers the integer underflow, causing the NetX HTTP server to crash or become unresponsive, resulting in a denial-of-service condition that disrupts network services on the affected device.
The Eclipse ThreadX NetX Duo security advisory (GHSA-jf6x-9mgc-p72w) and associated patch commit (c78d650be7377aae1a8704bc0ce5cc6f9f189014) recommend upgrading to version 6.4.2, which fixes the underflow in HTTP PUT handling. As a workaround, disabling HTTP PUT support in the NetX HTTP server configuration can prevent exploitation.
Details
- CWE(s)