CVE-2025-55093
📋 TL;DR
This vulnerability in NetX Duo's IPv4 packet handling allows an attacker to read 4 bytes of memory beyond allocated boundaries when processing unicast DHCP messages. It affects systems using the NetX Duo networking module in Eclipse Foundation ThreadX before version 6.4.4. The memory corruption could potentially lead to information disclosure or system instability.
💻 Affected Systems
- NetX Duo
- Eclipse Foundation ThreadX with NetX Duo module
⚠️ Risk & Real-World Impact
Worst Case
Memory corruption leading to system crash, denial of service, or potential information disclosure of sensitive memory contents.
Likely Case
System instability or crash when processing malformed DHCP packets, causing temporary network disruption.
If Mitigated
Limited impact with proper network segmentation and DHCP server controls, potentially causing only minor packet processing errors.
🎯 Exploit Status
Exploitation requires ability to send crafted DHCP packets to the target system. No authentication bypass needed but requires network access to send DHCP traffic.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.4.4
Vendor Advisory: https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-c9pq-93jp-w649
Restart Required: No
Instructions:
1. Update NetX Duo to version 6.4.4 or later.
2. Recompile and redeploy applications using the updated library.
3. No system restart is required for embedded systems, but an application restart may be needed.
🔧 Temporary Workarounds
DHCP Traffic Filtering
Block or filter unicast DHCP messages at the network perimeter or on affected systems
Disable DHCP Client
Use static IP configuration instead of DHCP where possible
🧯 If You Can't Patch
- Implement network segmentation to isolate systems using NetX Duo from untrusted networks
- Deploy network intrusion prevention systems to detect and block malformed DHCP packets
🔍 How to Verify
Check if Vulnerable:
Check the NetX Duo version in your application. If the version is earlier than 6.4.4 and the application processes DHCP, the system is vulnerable.
Check Version:
Check build configuration files or use vendor-specific version query commands for your embedded platform.
Verify Fix Applied:
Verify NetX Duo version is 6.4.4 or later in application build configuration and deployed binaries.
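The version checks above can be automated across a source tree. The script below is an added example, not part of this advisory or of the NetX Duo project: it locates every nx_api.h under a project root, parses the release number from the NETXDUO_MAJOR_VERSION / NETXDUO_MINOR_VERSION / NETXDUO_PATCH_VERSION macros (an assumption about the header's macro names; confirm against your copy), compares it with 6.4.4 as a tuple so that 6.10.x is ordered correctly, and notes whether the DHCP client source (assumed file name nxd_dhcp_client.c) is present, since the issue is scoped to DHCP processing. The sample headers it scans are constructed inline so it runs offline.

```python
import re
import tempfile
from pathlib import Path

# First fixed release named in the advisory.
FIXED_VERSION = (6, 4, 4)

# nx_api.h carries the release number in three macros with these names
# (assumption: confirm the macro names against the nx_api.h in your own tree).
_VERSION_RE = re.compile(
    r"^\s*#\s*define\s+NETXDUO_(MAJOR|MINOR|PATCH)_VERSION\s+(\d+)\b",
    re.MULTILINE,
)


def parse_version(header_text):
    """Return (major, minor, patch) parsed from nx_api.h text, or None if any
    of the three macros is missing."""
    found = {m.group(1): int(m.group(2)) for m in _VERSION_RE.finditer(header_text)}
    if not all(k in found for k in ("MAJOR", "MINOR", "PATCH")):
        return None
    return (found["MAJOR"], found["MINOR"], found["PATCH"])


def is_vulnerable(version):
    """Tuple comparison orders 6.10.0 after 6.4.4; a string compare would not."""
    return version < FIXED_VERSION


def scan_project(root):
    """Classify every nx_api.h below root. Returns one (relative path, version,
    vulnerable) entry per header plus a flag for the DHCP client source
    (nxd_dhcp_client.c is an assumption about the NetX Duo add-on layout)."""
    root = Path(root)
    headers = []
    for header in sorted(root.rglob("nx_api.h")):
        version = parse_version(header.read_text(errors="replace"))
        vulnerable = None if version is None else is_vulnerable(version)
        headers.append((header.relative_to(root).as_posix(), version, vulnerable))
    return {
        "headers": headers,
        "dhcp_client_present": any(root.rglob("nxd_dhcp_client.c")),
    }


def verdict(report):
    """Summarise a scan_project() report as 'vulnerable', 'fixed' or 'unknown'.
    Any pre-6.4.4 copy makes the tree vulnerable; a missing or unparseable
    header is 'unknown' rather than silently treated as fixed."""
    flags = [v for _, _, v in report["headers"]]
    if not flags or any(v is None for v in flags):
        return "unknown"
    return "vulnerable" if any(flags) else "fixed"


# Constructed sample header (not the real nx_api.h) used for the demo and test.
SAMPLE_HEADER = """\
/* constructed sample, not the real nx_api.h */
#define NETXDUO_MAJOR_VERSION {major}
#define NETXDUO_MINOR_VERSION {minor}
#define NETXDUO_PATCH_VERSION {patch}
"""


def build_sample_project(root, version, with_dhcp_client):
    """Write a constructed mini-tree under root mimicking the assumed layout."""
    inc = Path(root) / "common" / "inc"
    inc.mkdir(parents=True, exist_ok=True)
    major, minor, patch = version
    (inc / "nx_api.h").write_text(SAMPLE_HEADER.format(major=major, minor=minor, patch=patch))
    if with_dhcp_client:
        dhcp = Path(root) / "addons" / "dhcp"
        dhcp.mkdir(parents=True, exist_ok=True)
        (dhcp / "nxd_dhcp_client.c").write_text("/* constructed stub */\n")
    return Path(root)


def run_demo():
    """Scan three constructed trees; returns [(name, verdict, dhcp_present), ...]."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for ver, dhcp in (((6, 4, 3), True), ((6, 4, 4), True), ((6, 10, 0), False)):
            name = "netxduo_%d_%d_%d" % ver
            proj = build_sample_project(Path(tmp) / name, ver, dhcp)
            rep = scan_project(proj)
            results.append((name, verdict(rep), rep["dhcp_client_present"]))
    return results


if __name__ == "__main__":
    for name, result, dhcp in run_demo():
        print("%-16s %-10s dhcp_client_present=%s" % (name, result, dhcp))
```

Point `scan_project()` at the root of a real firmware tree to get a per-copy report; a tree with several vendored copies of NetX Duo is reported as vulnerable if any one of them is older than 6.4.4, because the build may pick up any of them.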
📡 Detection & Monitoring
Log Indicators:
- System crashes or reboots during DHCP processing
- Memory access violation errors in system logs
Network Indicators:
- Unusual DHCP packet patterns or malformed DHCP messages
SIEM Query:
Search for: (event_type="system_crash" OR event_type="memory_error") AND (process_name contains "netx" OR process_name contains "dhcp")