CVE-2025-55078 – This vulnerability in Eclipse ThreadX allows at... (How to Fix)

Q: What is the severity of CVE-2025-55078?

CVE-2025-55078 has a CVSS score of 5.5 (MEDIUM). This vulnerability in Eclipse ThreadX allows attackers to cause denial of service by providing pointers to unmapped memory regions. The system call validation fails to check if pointers are outside module memory boundaries. This affects all systems running vulnerable versions of Eclipse ThreadX.

📋 TL;DR

This vulnerability in Eclipse ThreadX allows attackers to cause denial of service by providing pointers to unmapped memory regions. The system call validation fails to check if pointers are outside module memory boundaries. This affects all systems running vulnerable versions of Eclipse ThreadX.

💻 Affected Systems

Products:

Eclipse ThreadX

Versions: All versions before 6.4.3

Operating Systems: Any OS using Eclipse ThreadX

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. This is a core RTOS component used in embedded systems.

📦 What is this software?

Threadx by Eclipse

View all CVEs affecting Threadx →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash and denial of service, potentially requiring physical intervention to restart affected devices.

🟠

Likely Case

Service disruption and system instability leading to temporary unavailability of affected services.

🟢

If Mitigated

Minimal impact with proper memory protection mechanisms and segmentation in place.

🌐 Internet-Facing: MEDIUM - Requires specific system call access but could be exploited remotely if vulnerable services are exposed.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this to disrupt critical services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires knowledge of system call interfaces and memory layout. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.3

Vendor Advisory: https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-wcfg-5jpf-hhxq

Restart Required: No

Instructions:

1. Download Eclipse ThreadX version 6.4.3 or later from the official repository. 2. Replace the vulnerable ThreadX files with the patched version. 3. Recompile your application with the updated ThreadX library. 4. Deploy the updated firmware to affected devices.

🔧 Temporary Workarounds

Memory Protection Enhancement

all

Implement additional memory protection mechanisms and boundary checks in application code

🧯 If You Can't Patch

Implement strict input validation for all system calls that accept pointers
Deploy network segmentation to isolate vulnerable systems from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check the ThreadX version in your firmware or source code. If using version earlier than 6.4.3, you are vulnerable.

Check Version:

Check the TX_VERSION_MAJOR, TX_VERSION_MINOR, and TX_VERSION_PATCH defines in tx_api.h

Verify Fix Applied:

Verify that ThreadX version 6.4.3 or later is integrated into your build system and deployed firmware.

📡 Detection & Monitoring

Log Indicators:

System crashes
Memory access violation errors
Unexpected system resets

Network Indicators:

Sudden service unavailability
Connection timeouts to affected devices

SIEM Query:

source="system_logs" AND ("memory violation" OR "access fault" OR "system crash") AND process="threadx"

📊 Metadata

CVE ID: CVE-2025-55078

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-233

EPSS Score: 0.04% exploit probability (13th percentile)

Published: October 14, 2025

Last Updated: October 21, 2025

🔗 References

https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-wcfg-5jpf-hhxq Exploit,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55078, you might also want to check these: