CVE-2025-2259

Name of the Vulnerable Software and Affected Versions Eclipse ThreadX NetX Duo versions prior to 6.4.3

Description The issue is related to the NetX HTTP server functionality, where an attacker can cause an integer underflow and a subsequent denial of service. This can be achieved by writing a very large file or by sending specially crafted packets with a Content-Length smaller than the data request size.

Recommendations For versions prior to 6.4.3, consider disabling HTTP PUT support as a temporary workaround to mitigate the risk of exploitation. Update to version 6.4.3 or later to resolve the issue.