CVE-2025-55085 Web http client: Unchecked Server-Side Malicious Packet Issue

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

CVE-2025-55099

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudioalternatesettinglocate when parsing a descriptor with attacker-controlled frequency fields...