CVE-2025-2260

Name of the Vulnerable Software and Affected Versions Eclipse ThreadX NetX Duo versions prior to 6.4.3

Description The issue is related to the NetX HTTP server functionality, where an attacker can cause a denial of service by sending specially crafted packets. This is due to a missing closing of a file in case of an error condition, resulting in a 404 error for each further file request. The problem is a result of an incomplete fix of a previous issue.

Recommendations For versions prior to 6.4.3, consider disabling the PUT request support as a temporary workaround to mitigate the risk of denial of service. Update to version 6.4.3 or later to fully resolve the issue.