CVE-2025-55081
Published: 15 October 2025
Summary
CVE-2025-55081 is a medium-severity Buffer Over-read (CWE-126) vulnerability in Eclipse ThreadX NetX Duo. Its CVSS base score is 6.9 (Medium).
Operationally, it ranks at the 21.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-34608
Vulnerability details
In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message fields: the ciphersuite length and the compression method length. An attacker-crafted message with values outside of the expected range could cause an out-of-bounds read.
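The length checks described above, as an added example (not NetX Duo source and not the project's actual fix): a bounds-checked parser for the two ClientHello length fields named in the description. The names ch_view, cursor, take and parse_client_hello and the sample byte arrays are hypothetical and constructed for illustration; the field limits follow the TLS 1.2 ClientHello layout.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical view of the parsed fields; not a NetX Duo structure. */
struct ch_view {
    const uint8_t *suites;      size_t suites_len;
    const uint8_t *compression; size_t compression_len;
};

/* Cursor over the message body: every read is checked against `left`. */
struct cursor { const uint8_t *p; size_t left; };

static int take(struct cursor *c, size_t n, const uint8_t **out)
{
    if (n > c->left) return -1;      /* declared length exceeds received bytes */
    *out = c->p; c->p += n; c->left -= n;
    return 0;
}

/* Parses a ClientHello body (the bytes after the 4-byte handshake header).
 * Returns 0 on success, -1 on any truncated or out-of-range length field. */
int parse_client_hello(const uint8_t *body, size_t body_len, struct ch_view *v)
{
    struct cursor c = { body, body_len };
    const uint8_t *f = body;

    if (take(&c, 2 + 32, &f)) return -1;             /* version + random */
    if (take(&c, 1, &f) || f[0] > 32) return -1;     /* session_id length */
    if (take(&c, f[0], &f)) return -1;
    if (take(&c, 2, &f)) return -1;                  /* cipher_suites length */
    v->suites_len = ((size_t)f[0] << 8) | f[1];
    if (v->suites_len < 2 || (v->suites_len & 1)) return -1;  /* 2-byte entries */
    if (take(&c, v->suites_len, &v->suites)) return -1;
    if (take(&c, 1, &f) || f[0] < 1) return -1;      /* compression length */
    v->compression_len = f[0];
    if (take(&c, v->compression_len, &v->compression)) return -1;
    return 0;                                        /* extensions may follow */
}

/* Constructed samples: a well-formed body, and one whose ciphersuite
 * length field (0x4000) claims far more data than was received. */
static const uint8_t sample_ok[43]  = { 0x03,0x03, [34]=0x00, 0x00,0x04, 0x00,0x2f,0x00,0x35, 0x01,0x00 };
static const uint8_t sample_bad[43] = { 0x03,0x03, [34]=0x00, 0x40,0x00, 0x00,0x2f,0x00,0x35, 0x01,0x00 };

int main(void)
{
    struct ch_view v;
    return !(parse_client_hello(sample_ok, sizeof sample_ok, &v) == 0 &&
             parse_client_hello(sample_bad, sizeof sample_bad, &v) == -1);
}
```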
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.