Eclipse Foundation · Eclipse NetX Duo · CVE-2025-55081
**Name of the Vulnerable Software and Affected Versions**
Eclipse Foundation NetX Duo versions prior to 6.4.4
**Description**
The vulnerable function, `_nx_secure_tls_process_clienthello()`, did not properly verify the ciphersuite length and compression method length fields in SSL/TLS ClientHello messages. An attacker could craft a message with values outside the expected range, potentially leading to an out-of-bounds read.
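The kind of length verification the description says was missing, as an added example that is not NetX Duo's code or its 6.4.4 fix: a standalone C validator that compares each declared length with the bytes actually left in the message before reading past it. The function names, error codes and the sample message are constructed for illustration; the field layout and limits assumed are those of the TLS 1.2 ClientHello.

```c
#include <stdint.h>
#include <stdio.h>

enum { CH_OK = 0, CH_TRUNCATED = -1, CH_BAD_SESSION_ID = -2,
       CH_BAD_CIPHERSUITES = -3, CH_BAD_COMPRESSION = -4 };

/* Validate the length fields of a ClientHello body (bytes after the handshake
   header): each declared length is checked against the bytes still unread. */
int check_clienthello(const uint8_t *msg, size_t len)
{
    size_t off = 2 + 32, n;                      /* skip version and random */
    if (len < off + 1)
        return CH_TRUNCATED;
    n = msg[off++];                              /* session id length: 0..32 */
    if (n > 32 || n > len - off)
        return CH_BAD_SESSION_ID;
    off += n;
    if (len - off < 2)
        return CH_TRUNCATED;
    n = ((size_t)msg[off] << 8) | msg[off + 1];  /* ciphersuite length */
    off += 2;
    if (n < 2 || (n & 1) || n > len - off)       /* non-empty, even, in bounds */
        return CH_BAD_CIPHERSUITES;
    off += n;
    if (len - off < 1)
        return CH_TRUNCATED;
    n = msg[off++];                              /* compression method length */
    if (n < 1 || n > len - off)
        return CH_BAD_COMPRESSION;
    return CH_OK;
}

/* Constructed sample: 41-byte body, empty session id, one ciphersuite, null
   compression. The caller sets both length fields to try out-of-range values. */
int check_sample(unsigned cs_len, unsigned comp_len)
{
    uint8_t hello[41] = {0x03, 0x03};
    hello[35] = (uint8_t)(cs_len >> 8); hello[36] = (uint8_t)cs_len;
    hello[38] = 0x2f;
    hello[39] = (uint8_t)comp_len;
    return check_clienthello(hello, sizeof hello);
}

int main(void)
{
    printf("valid=%d oversized_ciphersuites=%d oversized_compression=%d\n",
           check_sample(2, 1), check_sample(64, 1), check_sample(2, 200));
    return 0;
}
```
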
**Recommendations**
Update to version 6.4.4 or later.