Home > Vulnerability Database > CVE-2025-55085

Mend.io Vulnerability Database

CVE-2025-55085

Good to know:

Date: October 17, 2025

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior.

Severity Score

9.1

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55085

Url: https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-9c77-rgp9-c2g2

Url: https://www.mend.io/vulnerability-database/CVE-2025-55085

Severity Score

9.1

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Improper Validation of Syntactic Correctness of Input

CWE-1286

Top Fix

Upgrade Version

Upgrade to version https://github.com/eclipse-threadx/netxduo.git - v.6.4.4.202503_rel

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55085

Good to know:

Date: October 17, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?