CVE-2025-2260

High CVSS: 7.1

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.3, an attacker can cause a denial of service by specially
crafted packets. The core issue is missing closing of a file in case of
an error condition, resulting in the 404 error for each further file
request. Users can work-around the issue by disabling the PUT request
support.

This issue follows an incomplete fix of CVE-2025-0726.

Vendor

Eclipse

Product

Threadx Netx Duo

CWE

CWE-459

Yayın Tarihi

2025-04-06 19:15:41

Güncelleme

2025-07-31 16:31:39

Source Identifier

emo@eclipse.org

KEV Date Added

Kategoriler

CWE-459 Threadx Netx Duo HIGH Eclipse 2025

Referanslar

https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-f42f-6fvv-xqx3 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2098

Benzer Kayıtlar

Critical

CVE-2026-24457

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server.…

High

CVE-2026-1605

In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed…

Low

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Different…

Critical

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_tar…

Medium

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all suppor…

High

CVE-2026-0648

The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_…