CVE-2025-55086
In short
NetXDuo's DHCPv6 client doesn't properly validate data from DHCP server responses, allowing an attacker to craft a malicious packet that reads memory beyond what should be accessible. This could expose sensitive information or crash the system.
Technical detail
CWE-125 (out-of-bounds read) in NetXDuo DHCPv6 client: unchecked index when extracting server DUID from reply packets enables remote memory disclosure. Attack vector is network-based (crafted DHCP reply); requires attacker to intercept or spoof DHCP responses. Impact includes information disclosure and potential denial of service.
Summary generated and translated by AI from the official description.
In NetXDuo versions before 6.4.4, a networking support module for Eclipse Foundation ThreadX, the DHCPv6 client used an unchecked index when extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out-of-bounds memory read.
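The defect class described above is a length field taken from the packet and used as an index without first comparing it to the bytes actually received. The following is an added illustration, not NetXDuo's code: a bounds-checked extraction of the DHCPv6 Server Identifier option (RFC 8415 option code 2) that rejects a reply whose option length overruns the buffer; the sample packet and the helper `sample_duid_len` are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DHCPV6_HDR_LEN  4    /* msg-type (1) + transaction-id (3) */
#define OPTION_SERVERID 2    /* RFC 8415 Server Identifier option code */
#define DUID_MAX_LEN    130  /* RFC 8415: a DUID is at most 130 octets */
typedef struct { uint8_t duid[DUID_MAX_LEN]; size_t duid_len; } server_id_t;

/* Bounds-checked extraction of OPTION_SERVERID from a DHCPv6 reply.
 * Returns 0 on success, -1 if the option is absent or the packet is malformed.
 * Every length taken from the packet is checked against the bytes remaining. */
int extract_server_duid(const uint8_t *pkt, size_t pkt_len, server_id_t *out)
{
    size_t off = DHCPV6_HDR_LEN;
    if (pkt == NULL || out == NULL || pkt_len < DHCPV6_HDR_LEN) return -1;
    while (pkt_len - off >= 4) {               /* need a full 4-byte option header */
        uint16_t code = (uint16_t)((pkt[off] << 8) | pkt[off + 1]);
        uint16_t len  = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
        off += 4;
        if (len > pkt_len - off) return -1;    /* option claims bytes the packet lacks */
        if (code == OPTION_SERVERID) {
            /* A DUID needs at least its 2-octet type; cap at the fixed buffer size. */
            if (len < 2 || len > DUID_MAX_LEN)
                return -1;
            memcpy(out->duid, pkt + off, len);
            out->duid_len = len;
            return 0;
        }
        off += len;                            /* skip an option we do not need */
    }
    return -1;
}

/* Constructed sample REPLY (type 7): a client-id option, then a 4-byte server DUID. */
static const uint8_t sample_reply[] = {
    7, 0x11, 0x22, 0x33,                       /* msg-type, transaction-id */
    0, 1, 0, 2, 0x00, 0x01,                    /* OPTION_CLIENTID, len 2 */
    0, 2, 0, 4, 0x00, 0x01, 0xAA, 0xBB         /* OPTION_SERVERID, len 4, DUID */
};

/* Parses the sample truncated to `len` bytes (so the server-id length field can
 * overrun the buffer); returns the DUID length, or -1 when the parser rejects it. */
int sample_duid_len(size_t len)
{
    server_id_t id;
    if (len > sizeof sample_reply) len = sizeof sample_reply;
    if (extract_server_duid(sample_reply, len, &id) != 0) return -1;
    return (int)id.duid_len;
}
```

Truncating the constructed packet to 16 bytes leaves the server-id option claiming 4 bytes with only 2 remaining, which the check rejects instead of reading past the buffer.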
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
Eclipse Foundation · NetX Duo