PT-2025-42315 · Eclipse Foundation · Eclipse Nextx Duo

Justin-Stauffer · Published 2025-10-15 · Updated 2025-10-15 · CVE-2025-55081

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Eclipse Foundation NextX Duo versions prior to 6.4.4

Description

The vulnerable function, _nx_secure_tls_process_clienthello(), lacked proper length verification for the ciphersuite length and compression method length fields of SSL/TLS client hello messages. An attacker could craft a message with values outside the expected range, potentially leading to an out-of-bounds read.

Recommendations

Update to version 6.4.4 or later.
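
A bounds-checked parse of the two length fields named in the description, as an added example in C. It is not NetX Duo's code or the project's fix; `hello_fields`, `take` and `parse_client_hello` are hypothetical names, and the field layout assumed is the TLS 1.2 ClientHello body from RFC 5246.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result type for this example; not a NetX Duo structure. */
typedef struct {
    const uint8_t *suites;      size_t suites_len;
    const uint8_t *compression; size_t compression_len;
} hello_fields;

/* Consume n bytes from the cursor, or fail if fewer than n remain. */
static int take(const uint8_t **p, size_t *left, size_t n, const uint8_t **out)
{
    if (n > *left) return -1;
    if (out) *out = *p;
    *p += n;
    *left -= n;
    return 0;
}

/* Parse a TLS 1.2 ClientHello body (RFC 5246, section 7.4.1.2).
   Returns 0 on success, -1 when any length field would make the parser
   read past the end of the received message. */
int parse_client_hello(const uint8_t *msg, size_t len, hello_fields *f)
{
    const uint8_t *p = msg, *lp;
    size_t left = len, n;

    if (take(&p, &left, 2 + 32, NULL)) return -1;   /* version + random */

    if (take(&p, &left, 1, &lp)) return -1;         /* session_id length */
    if (lp[0] > 32 || take(&p, &left, lp[0], NULL)) return -1;

    if (take(&p, &left, 2, &lp)) return -1;         /* ciphersuite length */
    n = ((size_t)lp[0] << 8) | lp[1];
    /* Must be a non-empty list of 2-byte entries that fits in the message. */
    if (n < 2 || (n & 1) || take(&p, &left, n, &f->suites)) return -1;
    f->suites_len = n;

    if (take(&p, &left, 1, &lp)) return -1;         /* compression length */
    n = lp[0];
    if (n < 1 || take(&p, &left, n, &f->compression)) return -1;
    f->compression_len = n;
    return 0;
}
```

Every length read from the wire is compared against the bytes actually remaining before the cursor advances, so an oversized ciphersuite or compression length is rejected instead of being used as a read bound.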

Fix

Buffer Over-read

Out of bounds Read


Weakness Enumeration

Related Identifiers

CVE-2025-55081
GHSA-5VRV-8J5H-H6H6

Affected Products

Eclipse Nextx Duo