CVE-2025-55091
📋 TL;DR
This vulnerability in NetX Duo's _nx_ip_packet_receive() function allows an attacker to cause an out-of-bounds read by sending specially crafted Ethernet frames with IP type but no IP data. This could lead to information disclosure, denial of service, or potential remote code execution. Affects all systems using vulnerable versions of NetX Duo networking module in Eclipse ThreadX.
💻 Affected Systems
- NetX Duo
- Eclipse ThreadX with NetX Duo module
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise if the out-of-bounds read can be leveraged for memory corruption attacks.
Likely Case
Denial of service through system crashes or reboots, potentially with information disclosure of adjacent memory contents.
If Mitigated
System stability maintained with no data leakage if proper input validation and memory protections are in place.
🎯 Exploit Status
Exploitation requires crafting specific malformed Ethernet packets and sending them to vulnerable systems. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: NetX Duo 6.4.4 and later
Vendor Advisory: https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-pf5q-r6q5-6j2f
Restart Required: No
Instructions:
1. Update NetX Duo to version 6.4.4 or later. 2. Recompile your ThreadX/NetX Duo application with the updated library. 3. Deploy the updated firmware/software to affected devices.
🔧 Temporary Workarounds
Network filtering
allImplement network filtering to block malformed Ethernet packets with IP type but no IP data
Input validation enhancement
allAdd additional packet validation before processing in network stack
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vulnerable devices
- Deploy network intrusion prevention systems to detect and block exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check NetX Duo library version in your application source code or compiled binaries. Vulnerable if version < 6.4.4.Check Version:
Check NX_VERSION_MAJOR, NX_VERSION_MINOR, NX_VERSION_PATCH in nx_api.h or equivalent version definesVerify Fix Applied:
Verify NetX Duo version is 6.4.4 or later in your application. Test with malformed Ethernet packets to ensure system stability.📡 Detection & Monitoring
Log Indicators:
- System crashes or reboots
- Memory access violation logs
- Network stack error messages
Network Indicators:
- Malformed Ethernet packets with IP type (0x0800) but no IP payload
- Unusual packet patterns targeting network stack
SIEM Query:
network.protocol:ethernet AND ethernet.type:0x0800 AND (NOT ip.version EXISTS OR packet.size < 60)