216.73.217.172

CVE-2025-2258

· Published 06/04/2025 19:15 · Modified 06/04/2025 19:15

Labels: CVE-2025-2258 2025-04-06CVE-2025-2258CWE-191[email protected]

Essential information

Published
06/04/2025 19:15
Modified
06/04/2025 19:15
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an uncomplete fix in CVE-2025-0728.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
eclipse / netx duo cpe:2.3:a:eclipse:netx_duo:<6.4.3:*:*:*:*:*:*:*

References