USBX<=6.4.2 OOB Read in HID Descriptor Parsing
CVE-2025-55096 Published on October 17, 2025

Inadequate bounds check and potential underflow in _ux_host_class_hid_report_descriptor_get()
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device.

Vendor Advisory NVD

Weakness Type

What is an Integer underflow Vulnerability?

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.

CVE-2025-55096 has been classified to as an Integer underflow vulnerability or weakness.

Affected Versions

Eclipse Foundation NetX Duo:

Before 6.4.3 is affected.

Exploit Probability

EPSS

0.03%

Percentile

6.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

USBX<=6.4.2 OOB Read in HID Descriptor ParsingCVE-2025-55096 Published on October 17, 2025

Weakness Type

What is an Integer underflow Vulnerability?

Affected Versions

Exploit Probability

USBX<=6.4.2 OOB Read in HID Descriptor Parsing
CVE-2025-55096 Published on October 17, 2025