CNNVD-202510-2425 Information

CNNVD ID

CNNVD-202510-2425

CVE-2025-55099

  • CNNVD Published: 2025-10-17

Description (Chinese)

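Eclipse ThreadX USBX is an open-source USB host, device and mobile embedded stack from Eclipse ThreadX. Versions of Eclipse ThreadX USBX before 6.4.3 contain a buffer error vulnerability, which stems from a potential out-of-bounds read when parsing attacker-controlled frequency field descriptors.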

Description (English)

Eclipse ThreadX USBX is an open-source USB host, device and mobile embedded stack from Eclipse ThreadX. Versions of Eclipse ThreadX USBX before 6.4.3 contain a buffer error vulnerability caused by a potential out-of-bounds read when parsing attacker-controlled frequency field descriptors.

Hazard Level

High

Vulnerability Type

Buffer error

Affected Vendor

Eclipse ThreadX

Published

2025-10-17

Last Modified

2026-02-24

References

https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-93mv-fcpr-9488

https://access.redhat.com/security/cve/cve-2025-55099

Patch

https://github.com/eclipse-threadx/usbx/releases
