Join the Cyber Forum: Threat Intel on May 12, 2026 to learn how AI is reshaping threat defense.Join the Virtual Cyber Forum: Threat IntelRegister Now
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-55081

CVE-2025-55081: Eclipse ThreadX NetX Duo Buffer Overflow

CVE-2025-55081 is a buffer overflow vulnerability in Eclipse ThreadX NetX Duo affecting TLS client hello processing. Attackers can exploit missing length verification to cause out-of-bound reads. This article covers details.

Published: March 18, 2026

CVE-2025-55081 Overview

CVE-2025-55081 is an out-of-bounds read vulnerability discovered in Eclipse Foundation NextX Duo, a networking module of ThreadX. The flaw exists in the _nx_secure_tls_process_clienthello() function, which fails to properly verify the length of certain SSL/TLS client hello message fields—specifically the ciphersuite length and compression method length. When an attacker sends a crafted message with values outside the expected range, the application can read memory beyond the intended buffer boundaries, potentially exposing sensitive information.

Critical Impact

Network-accessible out-of-bounds read vulnerability in TLS handshake processing that could allow remote attackers to leak sensitive memory contents from affected IoT and embedded devices.

Affected Products

  • Eclipse ThreadX NetX Duo versions before 6.4.4
  • Embedded systems and IoT devices using vulnerable ThreadX NetX Duo TLS implementations
  • Any application utilizing the _nx_secure_tls_process_clienthello() function for SSL/TLS handshakes

Discovery Timeline

  • October 15, 2025 - CVE-2025-55081 published to NVD
  • October 27, 2025 - Last updated in NVD database

Technical Details for CVE-2025-55081

Vulnerability Analysis

This vulnerability stems from insufficient input validation in the TLS handshake processing code. The _nx_secure_tls_process_clienthello() function is responsible for parsing incoming TLS Client Hello messages during the SSL/TLS handshake process. Client Hello messages contain several variable-length fields, including the list of supported cipher suites and compression methods.

The vulnerable function fails to properly validate two critical length fields before using them to read data from the message buffer. Without proper bounds checking, an attacker can specify length values that exceed the actual message size or buffer boundaries, causing the function to read memory beyond the intended buffer. This type of flaw falls under CWE-125 (Out-of-bounds Read) and CWE-126 (Buffer Over-read).

Given that ThreadX NetX Duo is widely deployed in embedded systems and IoT devices, this vulnerability is particularly concerning as it affects network-facing TLS functionality that may be exposed to untrusted networks.

Root Cause

The root cause is missing length verification in the _nx_secure_tls_process_clienthello() function. Specifically, the function does not validate that the ciphersuite length and compression method length values provided in the Client Hello message are within acceptable bounds before using them to index into the message buffer. This omission allows maliciously crafted messages to trigger reads beyond the allocated buffer space.

Attack Vector

The attack vector is network-based and requires no authentication or user interaction. An attacker can exploit this vulnerability by:

  1. Initiating a TLS connection to a vulnerable ThreadX NetX Duo server
  2. Sending a specially crafted Client Hello message with manipulated ciphersuite length or compression method length fields
  3. The server processes the malformed message without proper validation
  4. Memory contents beyond the intended buffer boundaries are read

The vulnerability is exploited during the TLS handshake phase, meaning any network-exposed TLS service running on vulnerable ThreadX NetX Duo implementations is potentially at risk. While this is classified as an information disclosure vulnerability, the leaked memory could contain sensitive data such as cryptographic keys, session tokens, or other confidential information.

Detection Methods for CVE-2025-55081

Indicators of Compromise

  • Unusual or malformed TLS Client Hello messages with abnormal ciphersuite or compression method length values
  • TLS handshake failures accompanied by unexpected memory access patterns
  • Network traffic containing Client Hello messages with length fields exceeding standard protocol boundaries
  • Application crashes or unexpected behavior during TLS handshake processing

Detection Strategies

  • Deploy network intrusion detection systems (NIDS) with rules to identify malformed TLS Client Hello messages
  • Monitor TLS handshake traffic for anomalous length field values in Client Hello messages
  • Implement deep packet inspection for TLS protocol anomalies at network perimeters
  • Review application logs for TLS processing errors or memory access violations

Monitoring Recommendations

  • Enable verbose logging for TLS handshake operations on affected devices
  • Monitor memory usage patterns on embedded devices running ThreadX NetX Duo
  • Establish baseline TLS traffic patterns to detect anomalous Client Hello messages
  • Deploy SentinelOne Singularity Platform for real-time threat detection and response on supported embedded endpoints

How to Mitigate CVE-2025-55081

Immediate Actions Required

  • Upgrade Eclipse ThreadX NetX Duo to version 6.4.4 or later immediately
  • Audit all deployed embedded systems and IoT devices for vulnerable ThreadX NetX Duo versions
  • Implement network segmentation to limit exposure of vulnerable devices to untrusted networks
  • Consider temporarily disabling TLS services on critical devices until patches can be applied

Patch Information

Eclipse Foundation has addressed this vulnerability in ThreadX NetX Duo version 6.4.4. Organizations should update to this version or later to remediate the out-of-bounds read vulnerability in the TLS Client Hello processing function. Detailed patch information and security advisory are available through the GitHub Security Advisory.

Workarounds

  • Place affected devices behind a TLS-terminating reverse proxy that validates Client Hello messages before forwarding
  • Implement network-level filtering to block malformed TLS handshake packets
  • Restrict network access to TLS services on vulnerable devices to trusted sources only
  • Use firewall rules to limit inbound TLS connections to known, legitimate clients
  • Monitor and alert on suspicious TLS handshake patterns until patching is complete
bash
# Example: Network segmentation using iptables to restrict TLS access
# Limit TLS (port 443) access to trusted network ranges only
iptables -A INPUT -p tcp --dport 443 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeBuffer Overflow
  • Vendor/TechEclipse Threadx Netx Duo
  • SeverityMEDIUM
  • CVSS Score6.9
  • EPSS Probability0.05%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-126
  • CWE-125
  • Vendor Resources
  • GitHub Security Advisory
  • Related CVEs
  • CVE-2025-55085: Eclipse ThreadX NetX Duo Buffer Overflow
  • CVE-2025-55094: Eclipse ThreadX NetX Duo Buffer Overflow
  • CVE-2025-55087: Eclipse ThreadX NetX Duo Buffer Overflow
  • CVE-2025-55086: Eclipse ThreadX NetX Duo Buffer Overflow
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English