CVE-2025-55087

7.5 HIGH

📋 TL;DR

This vulnerability in NetX Duo's SNMP addon allows attackers to trigger an out-of-bounds read via specially crafted SNMPv3 security parameters. This could lead to information disclosure or system crashes. Systems using Eclipse Foundation ThreadX with NetX Duo SNMP addon versions before 6.4.4 are affected.

💻 Affected Systems

Products:
  • NetX Duo SNMP addon
  • Eclipse Foundation ThreadX
Versions: All versions before 6.4.4
Operating Systems: Any OS running ThreadX with NetX Duo SNMP addon
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with SNMPv3 enabled and configured.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution or complete system compromise through memory corruption leading to arbitrary code execution.

🟠 Likely Case: Information disclosure through memory leaks or denial of service through system crashes.

🟢 If Mitigated: Limited impact with proper network segmentation and SNMP access controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires SNMPv3 access but no authentication. Attack complexity depends on memory layout.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.4

Vendor Advisory: https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-v474-mv4g-v8cx

Restart Required: Yes

Instructions:

1. Update NetX Duo SNMP addon to version 6.4.4 or later.
2. Recompile and redeploy affected ThreadX applications.
3. Restart affected systems.

🔧 Temporary Workarounds

Disable SNMPv3 (platform: all)

Disable SNMPv3 protocol support to prevent exploitation.

Configure SNMP to use only SNMPv1/v2c or disable SNMP entirely

Network Access Control (platform: linux)

Restrict SNMP access to trusted networks only. Replace trusted_network with the address or CIDR of your management network; the ACCEPT rule must precede the DROP rule, since iptables evaluates the chain in order.

iptables -A INPUT -p udp --dport 161 -s trusted_network -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SNMP traffic
  • Deploy intrusion detection systems to monitor for SNMP exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the NetX Duo SNMP addon version. If the version is < 6.4.4 and SNMPv3 is enabled, the system is vulnerable.

Check Version:

Check the application build configuration or consult system documentation for the NetX Duo version.

Verify Fix Applied:

Verify that the NetX Duo SNMP addon version is 6.4.4 or later and test SNMPv3 functionality.

📡 Detection & Monitoring

Log Indicators:

  • SNMP protocol errors
  • Memory access violation logs
  • System crash/restart events

Network Indicators:

  • Unusual SNMPv3 traffic patterns
  • SNMP requests with malformed security parameters

SIEM Query:

source="snmpd" AND (error OR violation OR crash)
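The network indicator "SNMP requests with malformed security parameters" can be checked on captured traffic with a bounds-checking parser of the SNMPv3 message header. The following is an added example, not NetX Duo or ThreadX code and not the vendor's fix: it walks the BER structure of an SNMPv3 message, verifies that every declared length fits inside its enclosing element, and parses the USM security parameters against the bounds of the msgSecurityParameters OCTET STRING rather than the whole datagram. The engine ID, user name and both sample messages are constructed for illustration; the second sample carries a user-name length that exceeds the bytes actually present, which is the generic shape of a malformed parameter block, not the specific trigger for this CVE.

```python
# Added example (not NetX Duo / ThreadX code): a bounds-checking parser for the
# SNMPv3 message header, usable as a detector for the "malformed security
# parameters" network indicator. Sample messages are constructed below.

SEQ, INT, OCTSTR = 0x30, 0x02, 0x04


def read_tlv(buf, pos, end):
    """Parse one BER TLV at buf[pos]; return (tag, value_start, value_end).
    Raises ValueError if the header or the declared length runs past `end`."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header at offset %d" % pos)
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("bad long-form length for tag 0x%02x" % tag)
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > end:
        raise ValueError("tag 0x%02x declares %d bytes but only %d remain"
                         % (tag, length, end - pos))
    return tag, pos, pos + length


def parse_sequence(buf, start, end, expected_tags):
    """Parse consecutive TLVs filling buf[start:end] exactly; return their values."""
    values, pos = [], start
    for exp in expected_tags:
        tag, vs, ve = read_tlv(buf, pos, end)
        if tag != exp:
            raise ValueError("expected tag 0x%02x, got 0x%02x" % (exp, tag))
        values.append(buf[vs:ve])
        pos = ve
    if pos != end:
        raise ValueError("%d trailing bytes in sequence" % (end - pos))
    return values


def validate_snmpv3(msg):
    """Return header fields of a structurally sound SNMPv3 message, else raise ValueError."""
    tag, vs, ve = read_tlv(msg, 0, len(msg))
    if tag != SEQ or ve != len(msg):
        raise ValueError("message is not a single outer SEQUENCE")
    tag, a, b = read_tlv(msg, vs, ve)                      # msgVersion
    if tag != INT or int.from_bytes(msg[a:b], "big") != 3:
        raise ValueError("not an SNMPv3 message")
    tag, a, b = read_tlv(msg, b, ve)                       # msgGlobalData
    if tag != SEQ:
        raise ValueError("msgGlobalData missing")
    msg_id, _max, _flags, model = parse_sequence(msg, a, b, [INT, INT, OCTSTR, INT])
    tag, a, b = read_tlv(msg, b, ve)                       # msgSecurityParameters
    if tag != OCTSTR:
        raise ValueError("msgSecurityParameters missing")
    # The OCTET STRING must hold exactly one USM SEQUENCE; every inner length is
    # checked against the OCTET STRING's own bounds, not the whole datagram.
    tag, ua, ub = read_tlv(msg, a, b)
    if tag != SEQ or ub != b:
        raise ValueError("msgSecurityParameters is not exactly one USM SEQUENCE")
    engine, _boots, _time, user, _auth, _priv = parse_sequence(
        msg, ua, ub, [OCTSTR, INT, INT, OCTSTR, OCTSTR, OCTSTR])
    _tag, _a, b = read_tlv(msg, b, ve)                     # msgData (plain or encrypted)
    if b != ve:
        raise ValueError("trailing bytes after msgData")
    return {"msg_id": int.from_bytes(msg_id, "big"),
            "security_model": int.from_bytes(model, "big"),
            "engine_id_len": len(engine),
            "user": user.decode("ascii", "replace")}


def classify(msg):
    """One-line verdict suitable for a log line or SIEM feed."""
    try:
        return "ok user=%s" % validate_snmpv3(msg)["user"]
    except ValueError as err:
        return "malformed: %s" % err


# --- constructed sample traffic (short-form BER lengths only, values < 128 bytes) ---
def tlv(tag, value):
    return bytes([tag, len(value)]) + value

ENGINE_ID = b"\x80\x00\x1f\x88\x80\x01\x02\x03\x04"   # constructed, not a real device

def build_message(user_tlv):
    usm = tlv(SEQ, tlv(OCTSTR, ENGINE_ID) + tlv(INT, b"\x01") + tlv(INT, b"\x00")
              + user_tlv + tlv(OCTSTR, b"") + tlv(OCTSTR, b""))
    global_data = tlv(SEQ, tlv(INT, b"\x2a") + tlv(INT, b"\x02\x00")
                      + tlv(OCTSTR, b"\x04") + tlv(INT, b"\x03"))
    scoped_pdu = tlv(SEQ, tlv(OCTSTR, ENGINE_ID) + tlv(OCTSTR, b"")
                     + tlv(0xA0, tlv(INT, b"\x01") + tlv(INT, b"\x00")
                           + tlv(INT, b"\x00") + tlv(SEQ, b"")))
    return tlv(SEQ, tlv(INT, b"\x03") + global_data + tlv(OCTSTR, usm) + scoped_pdu)

GOOD_MESSAGE = build_message(tlv(OCTSTR, b"monitor"))
# msgUserName claims 64 bytes while only 7 follow inside the USM parameters.
BAD_MESSAGE = build_message(bytes([OCTSTR, 0x40]) + b"monitor")

if __name__ == "__main__":
    for name, pkt in (("good", GOOD_MESSAGE), ("bad", BAD_MESSAGE)):
        print(name, classify(pkt))
```

Feed UDP/161 payloads from a capture into classify() and forward any "malformed:" verdict to the SIEM; the point of the two-level bounds check is that a parameter block whose outer OCTET STRING length is correct can still hide an inner field that overruns it, which is exactly what a single outer-length check would miss.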
