CVE-2025-55078 Incomplete validation of kernel object pointers in system calls

In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service crash by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region...

Eclipse ThreadX RTOS 安全漏洞

Eclipse ThreadX RTOS is an advanced real-time operating system RTOS designed for deeply embedded applications from Eclipse ThreadX. A security vulnerability exists in Eclipse ThreadX RTOS versions prior to 6.4.3 that stems from an unverified pointer out of a module memory region, which could lead...

PT-2025-41858

Name of the Vulnerable Software and Affected Versions Eclipse ThreadX versions prior to 6.4.3 Description An attacker can cause a denial of service crash by providing a pointer to a reserved or unmapped memory region. The system calls had a pointer check, but it did not verify if the pointer was...

EUVD-2025-10015

Malicious code in bioql PyPI...

EUVD-2025-5083

Malicious code in bioql PyPI...

EUVD-2024-27401

Malicious code in bioql PyPI...

EUVD-2024-27171

Malicious code in bioql PyPI...

EUVD-2025-5085

Malicious code in bioql PyPI...

EUVD-2025-10016

Malicious code in bioql PyPI...

EUVD-2024-27172

Malicious code in bioql PyPI...

EUVD-2025-5084

Malicious code in bioql PyPI...

EUVD-2025-10014

Malicious code in bioql PyPI...

Eclipse ThreadX FileX RAM disk driver buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2088 Eclipse ThreadX FileX RAM disk driver buffer overflow vulnerability July 30, 2025 CVE Number CVE-2025-55089 SUMMARY A buffer overflow vulnerability exists in the FileX RAM disk driver functionality of Eclipse ThreadX FileX git commit 1b85eb2. A specially...

Eclipse and STMicroelectronics vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in the STMicroelectronics fork of ThreadX called X-CUBE-AZRTOS. The vulnerabilities mentioned in this blog post have been patched by their respective...

Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow vulnerability

Talos Vulnerability Report TALOS-2024-2105 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow vulnerability April 14, 2025 CVE Number None,CVE-2025-2258 SUMMARY An integer underflow vulnerability exists in the HTTP server PUT request functionality of Eclipse ThreadX NetX Du...

Eclipse ThreadX NetX Duo HTTP server chunked PUT request integer underflow vulnerability

Talos Vulnerability Report TALOS-2024-2104 Eclipse ThreadX NetX Duo HTTP server chunked PUT request integer underflow vulnerability April 14, 2025 CVE Number None,CVE-2025-2259 SUMMARY An integer underflow vulnerability exists in the HTTP server PUT request functionality of Eclipse ThreadX NetX D...

Eclipse ThreadX NetX Duo HTTP server denial of service vulnerability

Talos Vulnerability Report TALOS-2024-2098 Eclipse ThreadX NetX Duo HTTP server denial of service vulnerability April 14, 2025 CVE Number CVE-2025-2260,None SUMMARY A denial of service vulnerability exists in the NetX HTTP server functionality of Eclipse ThreadX NetX Duo git commit 6c8e9d1. A...

CVE-2025-2260

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...

CVE-2025-2258

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...

CVE-2025-2260

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...