PT-2025-42422 · Eclipse Foundation+1 · Thread+1

Justin Stauffer

Published

2025-10-16

Updated

2025-10-21

CVE-2025-55084

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions NetX Duo versions prior to 6.4.4

Description An incorrect bound check exists in the nx secure tls proc clienthello supported versions extension() function within the extension version field of the Eclipse Foundation ThreadX component in NetX Duo.

Recommendations Update to version 6.4.4 or later.

Fix

Buffer Over-read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126

Related Identifiers

CVE-2025-55084

GHSA-M474-39RW-V8GM

Affected Products

Netx Duo

Thread

PT-2025-42422 · Eclipse Foundation+1 · Thread+1

CVE-2025-55084

Weakness Enumeration

Related Identifiers

Affected Products

References · 8