CVE-2025-55087

CVSS 6.3 MEDIUM | EPSS 0.4% | CWE-125 | CWE-1285

In short

NetX Duo's SNMP addon before version 6.4.4 has a flaw that lets an attacker read data beyond memory boundaries by sending SNMPv3 messages with specially crafted security parameters. This could expose sensitive information or cause the system to crash.

Technical detail

An out-of-bounds read vulnerability exists in the SNMPv3 security parameter parsing of NetX Duo's SNMP addon prior to 6.4.4. An attacker can craft malicious SNMPv3 messages to trigger an OOB read, potentially disclosing sensitive memory contents or causing denial of service; exploitation requires network access to the SNMP service.

Summary generated and translated by AI from the official description.

In NetX Duo's SNMP addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bounds read with crafted SNMPv3 security parameters.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
