CVE-2025-55087

EPSS 0.15%
Veröffentlicht 17.10.2025 06:15:34
Zuletzt bearbeitet 24.10.2025 20:24:27
Quelle emo@eclipse.org
CVE-Watchlists
Login
Unerledigt
Login

In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eclipse ≫ Threadx Netx Duo Version < 6.4.4.202503

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.298

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
emo@eclipse.org	6.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-v474-mv4g-v8cx

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-55087

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55087

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55087

EUVD