PT-2025-42798 · Eclipse Foundation · Thread+1

Ekleezg · Published 2025-10-20 · Updated 2025-10-20 · CVE-2025-55086

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: NetX Duo versions prior to 6.4.4

Description: An issue exists in the DHCPv6 client within the networking support module for Eclipse Foundation ThreadX. Specifically, an unchecked index during the extraction of the server DUID from server replies can lead to an out-of-bounds read. An attacker could potentially exploit this with a crafted packet.

Recommendations: Update to version 6.4.4 or later.
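
The kind of check the description refers to, as an added example (not NetX Duo source and not the 6.4.4 patch): a DHCPv6 option walk that validates every wire-supplied length before the server DUID is copied. The function name, buffer and sample packets are constructed for illustration; option code 2 and the 3 to 130 byte DUID bounds follow RFC 8415.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHCPV6_HDR_LEN      4u    /* msg-type (1) + transaction-id (3) */
#define DHCPV6_OPT_SERVERID 2u    /* OPTION_SERVERID, RFC 8415 */
#define DUID_MIN_LEN        3u    /* 2-byte type + at least 1 byte */
#define DUID_MAX_LEN        130u  /* 2-byte type + at most 128 bytes */

/* Hypothetical helper (not NetX Duo code): copy the server DUID out of a
   DHCPv6 reply. Returns the DUID length, or -1 if malformed or absent. */
int extract_server_duid(const uint8_t *msg, size_t msg_len,
                        uint8_t *out, size_t out_cap)
{
    size_t off = DHCPV6_HDR_LEN;

    if (msg == NULL || out == NULL || msg_len < DHCPV6_HDR_LEN)
        return -1;
    while (msg_len - off >= 4u) {          /* room for code + length */
        unsigned code = ((unsigned)msg[off] << 8) | msg[off + 1];
        size_t   len  = ((size_t)msg[off + 2] << 8) | msg[off + 3];
        off += 4u;
        if (len > msg_len - off)           /* option overruns the packet */
            return -1;
        if (code == DHCPV6_OPT_SERVERID) {
            if (len < DUID_MIN_LEN || len > DUID_MAX_LEN || len > out_cap)
                return -1;
            memcpy(out, msg + off, len);
            return (int)len;
        }
        off += len;                        /* skip options we do not need */
    }
    return -1;                             /* no Server Identifier option */
}

/* Constructed sample replies (not captured traffic). */
static const uint8_t reply_ok[] = {
    7, 0x11, 0x22, 0x33, 0, 2, 0, 10, 0, 3, 0, 1, 2, 0, 0, 0, 0, 1 };
static const uint8_t reply_bad[] = {   /* length field claims 64, 4 present */
    7, 0x11, 0x22, 0x33, 0, 2, 0, 64, 0, 3, 0, 1 };
static uint8_t duid_buf[DUID_MAX_LEN];

int main(void)
{
    printf("ok:  %d\n", extract_server_duid(reply_ok, sizeof reply_ok, duid_buf, sizeof duid_buf));
    printf("bad: %d\n", extract_server_duid(reply_bad, sizeof reply_bad, duid_buf, sizeof duid_buf));
    return 0;
}
```
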

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2025-55086
GHSA-99PW-CP79-2J5J

Affected Products

Netx Duo
Thread