NetX Duo <6.4.2 HTTP Server DoS via PUT File Leak
CVE-2025-0726 Published on February 21, 2025
Eclipse ThreadX NetX Duo HTTP server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.2, an attacker can cause a denial of service by specially
crafted packets. The core issue is missing closing of a file in case of
an error condition, resulting in the 404 error for each further file
request. Users can work-around the issue by disabling the PUT request
support.
Weakness Type
What is an Insufficient Cleanup Vulnerability?
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.
CVE-2025-0726 has been classified to as an Insufficient Cleanup vulnerability or weakness.
Products Associated with CVE-2025-0726
Want to know whenever a new CVE is published for Eclipse Threadx Netx Duo? stack.watch will email you.
Affected Versions
Eclipse Foundation ThreadX:- Before 6.4.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.