NetX Duo HTTP DoS via Missing File Closure before v6.4.3 (Eclipse ThreadX)
CVE-2025-2260 Published on April 6, 2025
Eclipse ThreadX NetX Duo HTTP component server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.3, an attacker can cause a denial of service by specially
crafted packets. The core issue is missing closing of a file in case of
an error condition, resulting in the 404 error for each further file
request. Users can work-around the issue by disabling the PUT request
support.
This issue follows an incomplete fix of CVE-2025-0726.
Weakness Type
What is an Insufficient Cleanup Vulnerability?
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.
CVE-2025-2260 has been classified to as an Insufficient Cleanup vulnerability or weakness.
Products Associated with CVE-2025-2260
Want to know whenever a new CVE is published for Eclipse Threadx Netx Duo? stack.watch will email you.
Affected Versions
Eclipse Foundation ThreadX:- Before 6.4.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.