Stefan Wick

1 exploit Active since Apr 2025
CVE-2025-2258 WRITEUP HIGH WRITEUP
Eclipse ThreadX NetX Duo < 6.4.3 - Denial of Service via Integer Underflow in HTTP Server
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an uncomplete fix in CVE-2025-0728.
CVSS 7.5