CVE-2025-55079

5.5 MEDIUM

📋 TL;DR

This vulnerability in Eclipse ThreadX allows threads to be created with a priority value at or above the configured maximum, TX_MAX_PRIORITIES (valid priorities are 0 through TX_MAX_PRIORITIES - 1), potentially causing denial of service through CPU starvation of legitimate threads. It affects all systems built on vulnerable versions of Eclipse ThreadX, particularly embedded and IoT devices.

💻 Affected Systems

Products:
  • Eclipse ThreadX
Versions: All versions before 6.4.3
Operating Systems: Any OS using Eclipse ThreadX (commonly embedded/RTOS systems)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all configurations using thread priority functionality. Particularly relevant for real-time and embedded systems.

📦 What is this software?

Eclipse ThreadX (formerly Microsoft Azure RTOS ThreadX) is a real-time operating system kernel for embedded and IoT devices, now maintained under the Eclipse Foundation. It is compiled into the device firmware rather than installed as a separate package, so a fix means rebuilding and reflashing the firmware image.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Critical system threads could be starved of CPU time, causing a complete lockup or failure of essential functions in embedded systems.

🟠 Likely Case: Degraded system performance, intermittent service disruptions, or instability in multi-threaded applications.

🟢 If Mitigated: Minimal impact, with thread priority assignments validated at creation and monitored at runtime.

🌐 Internet-Facing: LOW - This is primarily an internal threading issue affecting system stability rather than remote exploitation.
🏢 Internal Only: MEDIUM - Could be exploited by malicious local code or through compromised applications to degrade system performance.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the ability to create threads with attacker-controlled priority values, which in practice means local code execution or a compromised application on the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.3

Vendor Advisory: https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-w8rw-fqgj-9r49

Restart Required: Yes (the fix is compiled into the firmware image, so the device must be reflashed and rebooted to run the patched kernel)

Instructions:

1. Update Eclipse ThreadX to version 6.4.3 or later.
2. Recompile every application/firmware image that links ThreadX against the updated source.
3. Deploy the rebuilt firmware to affected devices.

🔧 Temporary Workarounds

Thread Priority Monitoring

Applies to: all affected versions

Implement runtime monitoring of thread priorities to detect and log any thread whose priority is at or above the configured maximum (TX_MAX_PRIORITIES).
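One way to implement the monitoring workaround above, as an added example that is not ThreadX project code. It walks the kernel's circular list of created threads through the public tx_thread_info_get() API (which accepts NULL for outputs you do not want) and counts threads whose priority is outside 0..TX_MAX_PRIORITIES-1. The priority_violation_fn hook, the audit_thread_priorities name and the sample three-thread ring are assumptions for illustration; the stand-in definitions under #ifndef TX_API_H exist only so the code runs off-target and assume the real tx_api.h defines the TX_API_H guard.

```c
/* Added example, not ThreadX project code: periodic audit of every created
 * thread's priority against the configured bound. */
#include <stddef.h>

#ifndef TX_API_H
/* Off-target stand-in for the ThreadX definitions used below (assumption: the
 * real tx_api.h defines the TX_API_H guard). In firmware, include tx_api.h
 * before this file and this whole block is skipped. */
typedef unsigned int  UINT;
typedef unsigned long ULONG;
typedef char          CHAR;
#define TX_MAX_PRIORITIES 32      /* ThreadX default; valid priorities are 0..31 */
#define TX_SUCCESS        0x00
#define TX_THREAD_ERROR   0x0E
typedef struct TX_THREAD_STRUCT {
    CHAR *tx_thread_name;
    UINT  tx_thread_priority;
    struct TX_THREAD_STRUCT *tx_thread_created_next;  /* kernel keeps a circular created list */
} TX_THREAD;

/* Minimal stand-in for tx_thread_info_get(); NULL output pointers are skipped,
 * as in the real API. */
static UINT tx_thread_info_get(TX_THREAD *t, CHAR **name, UINT *state, ULONG *run_count,
                               UINT *priority, UINT *preempt, ULONG *time_slice,
                               TX_THREAD **next_thread, TX_THREAD **next_suspended)
{
    if (t == NULL) return TX_THREAD_ERROR;
    if (name)           *name = t->tx_thread_name;
    if (state)          *state = 0;
    if (run_count)      *run_count = 0;
    if (priority)       *priority = t->tx_thread_priority;
    if (preempt)        *preempt = t->tx_thread_priority;
    if (time_slice)     *time_slice = 0;
    if (next_thread)    *next_thread = t->tx_thread_created_next;
    if (next_suspended) *next_suspended = NULL;
    return TX_SUCCESS;
}
#endif

/* Hypothetical reporting hook: point it at the device's log/trace facility. */
typedef void (*priority_violation_fn)(const CHAR *name, UINT priority);

/* Walks the created-thread ring starting from any known thread (for example the
 * one returned by tx_thread_identify()) and returns how many threads carry a
 * priority outside 0..TX_MAX_PRIORITIES-1. max_threads bounds the walk so a
 * corrupted list cannot spin the auditor forever. */
UINT audit_thread_priorities(TX_THREAD *start, UINT max_threads, priority_violation_fn on_violation)
{
    TX_THREAD *cur = start;
    UINT violations = 0, visited = 0;

    while (cur != NULL && visited < max_threads) {
        CHAR *name = NULL;
        UINT priority = 0;
        TX_THREAD *next = NULL;

        if (tx_thread_info_get(cur, &name, NULL, NULL, &priority,
                               NULL, NULL, &next, NULL) != TX_SUCCESS)
            break;
        if (priority >= TX_MAX_PRIORITIES) {
            violations++;
            if (on_violation) on_violation(name, priority);
        }
        visited++;
        cur = next;
        if (cur == start) break;   /* completed one lap of the ring */
    }
    return violations;
}

#ifndef TX_API_H
/* Off-target self-check over a constructed three-thread ring: one thread sits
 * at priority 40, above the default bound. Expected result: 1 violation. */
UINT sample_ring_violations(void)
{
    static TX_THREAD a, b, c;
    a.tx_thread_name = "sensor";  a.tx_thread_priority = 3;  a.tx_thread_created_next = &b;
    b.tx_thread_name = "rogue";   b.tx_thread_priority = 40; b.tx_thread_created_next = &c;
    c.tx_thread_name = "network"; c.tx_thread_priority = 31; c.tx_thread_created_next = &a;
    return audit_thread_priorities(&a, 16, NULL);
}
#endif
```

On a device, call audit_thread_priorities() from a low-priority housekeeping thread, starting from tx_thread_identify(), and pass a max_threads equal to the number of threads the firmware is known to create. The audit only catches a bad priority after the fact; it complements, and does not replace, a check at creation time.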

🧯 If You Can't Patch

  • Implement strict thread creation policies and review all thread priority assignments in application code; priorities are usually compile-time constants, so a source audit is feasible.
  • Add runtime checks that reject priority values at or above TX_MAX_PRIORITIES (and preemption thresholds numerically greater than the priority) in a wrapper around tx_thread_create, and route all thread creation through that wrapper.
  • Do not build with TX_DISABLE_ERROR_CHECKING: it compiles out the kernel's own parameter checks, leaving your wrapper as the only gate.

🔍 How to Verify

Check if Vulnerable:

Determine the ThreadX version compiled into your firmware. If it is below 6.4.3, you are vulnerable.

Check Version:

In source, read THREADX_MAJOR_VERSION, THREADX_MINOR_VERSION and THREADX_PATCH_VERSION from tx_api.h. In a built image, the kernel embeds a version string (the _tx_version_id symbol) that contains the name and version number, which can be located by searching the binary for "ThreadX".

Verify Fix Applied:

Confirm the version is 6.4.3 or higher, then test thread creation with boundary priority values (TX_MAX_PRIORITIES - 1, TX_MAX_PRIORITIES, and larger): in-range values must succeed and out-of-range values must be rejected with the documented TX_PRIORITY_ERROR return code.
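An added example, not ThreadX project code, that serves both the wrapper workaround from "If You Can't Patch" and the boundary test from "Verify Fix Applied". thread_params_check() mirrors the documented tx_thread_create() contract (priority in 0..TX_MAX_PRIORITIES-1, preemption threshold numerically no greater than the priority, error codes TX_PRIORITY_ERROR and TX_THRESH_ERROR); app_thread_create() is a hypothetical drop-in wrapper that applies it; probe_priority_bounds() tries out-of-range priorities against either the kernel or the wrapper and reports how many were accepted. The stand-in block under #ifndef TX_API_H exists only so the code runs off-target: its stub tx_thread_create() accepts any priority, modelling the flaw as this page describes it, and it assumes the real tx_api.h defines the TX_API_H guard. The probe_stack buffer is a constructed example.

```c
/* Added example, not ThreadX project code: an application-side gate in front
 * of tx_thread_create(), plus a boundary probe for the kernel's own checks. */
#include <stddef.h>
#include <limits.h>

#ifndef TX_API_H
/* Off-target stand-in (assumption: the real tx_api.h defines TX_API_H). The
 * stub tx_thread_create() accepts any priority, modelling the flaw as this page
 * describes it; in firmware, include tx_api.h before this file instead. */
typedef unsigned int  UINT;
typedef unsigned long ULONG;
typedef char          CHAR;
typedef void          VOID;
#define TX_MAX_PRIORITIES 32
#define TX_SUCCESS        0x00
#define TX_PRIORITY_ERROR 0x0F
#define TX_THRESH_ERROR   0x18
#define TX_NO_TIME_SLICE  0
#define TX_DONT_START     0
typedef struct TX_THREAD_STRUCT { UINT tx_thread_priority; } TX_THREAD;

static UINT tx_thread_create(TX_THREAD *t, CHAR *name, VOID (*entry)(ULONG), ULONG input,
                             VOID *stack, ULONG stack_size, UINT priority,
                             UINT preempt_threshold, ULONG time_slice, UINT auto_start)
{
    (void)name; (void)entry; (void)input; (void)stack; (void)stack_size;
    (void)preempt_threshold; (void)time_slice; (void)auto_start;
    t->tx_thread_priority = priority;        /* no bounds check: the modelled defect */
    return TX_SUCCESS;
}
static UINT tx_thread_delete(TX_THREAD *t) { (void)t; return TX_SUCCESS; }
#endif

/* Policy check mirroring the documented contract: priority must be in
 * 0..TX_MAX_PRIORITIES-1 and the preemption threshold must be numerically
 * <= the priority (lower number = higher priority in ThreadX). */
UINT thread_params_check(UINT priority, UINT preempt_threshold)
{
    if (priority >= TX_MAX_PRIORITIES)
        return TX_PRIORITY_ERROR;
    if (preempt_threshold > priority)
        return TX_THRESH_ERROR;
    return TX_SUCCESS;
}

/* Drop-in replacement for tx_thread_create() in application code (hypothetical
 * name): rejects bad parameters before the kernel sees them. */
UINT app_thread_create(TX_THREAD *t, CHAR *name, VOID (*entry)(ULONG), ULONG input,
                       VOID *stack, ULONG stack_size, UINT priority,
                       UINT preempt_threshold, ULONG time_slice, UINT auto_start)
{
    UINT rc = thread_params_check(priority, preempt_threshold);
    if (rc != TX_SUCCESS)
        return rc;
    return tx_thread_create(t, name, entry, input, stack, stack_size,
                            priority, preempt_threshold, time_slice, auto_start);
}

static VOID probe_entry(ULONG id) { (void)id; }   /* never runs: probe threads use TX_DONT_START */
static ULONG probe_stack[256];                     /* constructed example stack for the probe */

/* Boundary probe for the verification step: tries to create (not start) a
 * thread at each out-of-range priority and returns how many attempts were
 * ACCEPTED. 0 means the bound is enforced. via_wrapper=0 exercises the kernel
 * directly, via_wrapper=1 exercises app_thread_create(). Accepted threads are
 * deleted again so the probe leaves nothing behind. */
UINT probe_priority_bounds(int via_wrapper, VOID *stack, ULONG stack_size)
{
    static const UINT bad[] = { TX_MAX_PRIORITIES, TX_MAX_PRIORITIES + 1, UINT_MAX };
    TX_THREAD t;
    UINT accepted = 0;
    size_t i;

    for (i = 0; i < sizeof bad / sizeof bad[0]; i++) {
        UINT rc = via_wrapper
            ? app_thread_create(&t, "prio-probe", probe_entry, 0, stack, stack_size,
                                bad[i], bad[i], TX_NO_TIME_SLICE, TX_DONT_START)
            : tx_thread_create(&t, "prio-probe", probe_entry, 0, stack, stack_size,
                               bad[i], bad[i], TX_NO_TIME_SLICE, TX_DONT_START);
        if (rc == TX_SUCCESS) {
            accepted++;
            tx_thread_delete(&t);
        }
    }
    return accepted;
}
```

On a real target, run probe_priority_bounds(0, probe_stack, sizeof probe_stack) from an application thread after the kernel has started; a non-zero result on a kernel you believe is 6.4.3 or later means the fix is not in the image you flashed. If the firmware is built with TX_DISABLE_ERROR_CHECKING the kernel's error-checking layer is compiled out and the direct probe will report acceptance regardless of version, which is exactly why every thread creation should go through the wrapper.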

📡 Detection & Monitoring

Log Indicators:

  • Unexpected thread priority values in system logs
  • Thread creation failures or warnings related to priority

Network Indicators:

  • None - this is a local threading issue

SIEM Query:

ThreadX itself emits no logs, so these indicators only exist where the firmware adds them (a logging wrapper around tx_thread_create, or event tracing enabled with tx_trace_enable). If such events are forwarded, search for thread creation events whose priority value is greater than or equal to the configured TX_MAX_PRIORITIES.
