Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2025-55085 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2025-55085

CVE-2025-55085

HIGH8.8

Web http client: Unchecked Server-Side Malicious Packet Issue

Published Oct 17, 2025

Modified 4 months ago

Details

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior.

References

https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-9c77-rgp9-c2g2

https://www.cve.org/CVERecord?id=CVE-2025-55085

CVSS Analysis

CVSS v4.0

8.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

HighVI:H

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

8.8/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Weakness Type (CWE)

Memory Safety

Out-of-bounds Read

Other

Ecosystems

Timeline

PublishedOct 17, 2025

ModifiedOct 20, 2025