CVE-2025-2258

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-2258
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2258.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-2258
Aliases
  • GHSA-chqp-8vf8-cj25
Published
2025-04-06T19:15:40.197Z
Modified
2025-11-16T15:10:10.212348Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support.

This issue follows an uncomplete fix in CVE-2025-0728.

References

Affected packages

Git / github.com/eclipse-threadx/netxduo

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-threadx/netxduo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6c8e9d1c95d71bd4b313e1cc37d8f8841543b248

Affected versions

v6.*

v6.0.1_rel
v6.0.2_rel
v6.0_rel
v6.1.10_rel
v6.1.11_rel
v6.1.12_rel
v6.1.2_rel
v6.1.3_rel
v6.1.4_rel
v6.1.5_rel
v6.1.6_rel
v6.1.7_rel
v6.1.8_rel
v6.1.9_rel
v6.1_rel
v6.2.0_rel
v6.2.1_rel
v6.3.0_rel
v6.4.0_rel
v6.4.1_rel