CVE-2025-2258

Name of the Vulnerable Software and Affected Versions Eclipse ThreadX NetX Duo versions prior to 6.4.3

Description The issue is related to the HTTP server functionality in the NetX Duo component, where an attacker can cause an integer underflow and a subsequent denial of service. This can be achieved by writing a very large file or by sending specially crafted packets with a Content-Length smaller than the data request size.

Recommendations For versions prior to 6.4.3, update to version 6.4.3 or later to resolve the issue. As a temporary workaround, consider disabling HTTP PUT support until a patch is available.