Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reachable over the network via HTTP PUT with no auth or user interaction; trigger is a simple malformed request, and impact is service crash with no confidentiality or integrity loss.
Primary rating from Vendor (eclipse).
CVSS VectorVendor: eclipse
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx_file_close() even when the file was never successfully opened. Multiple error branches jump to the shared cleanup label before any file open operation has occurred, causing fx_file_close() to operate on an uninitialized file handle, leading to undefined behavior, double-close issues, or memory corruption.
AnalysisAI
Denial of service in Eclipse ThreadX NetX Duo HTTP server arises from a flawed remediation of CVE-2025-0728, where the refactored shared cleanup label invokes fx_file_close() on an uninitialized file handle whenever an error occurs before file open. Remote attackers can reach the vulnerable PUT path over the network without authentication, triggering undefined behavior, double-close conditions, or memory corruption that can crash the embedded HTTP service. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target must be running the Eclipse ThreadX NetX Duo HTTP server with the PUT method handler enabled and with the CVE-2025-0728 remediation applied (the refactor that introduced the shared cleanup label); devices on a version predating that fix are not affected by this specific bug. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H, 7.5) frames this as a remote, unauthenticated availability bug with no confidentiality or integrity impact, which is consistent with a crash/memory-corruption sink reached from an HTTP error path. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reach to an embedded device running Eclipse ThreadX NetX Duo's HTTP server sends a crafted HTTP PUT request shaped to trigger one of the early error branches (for example malformed headers, oversized URI, or filesystem-level rejection) before the server reaches the file-open step. Control flow falls through the shared cleanup label, fx_file_close() executes on an uninitialized FX_FILE structure, and the device's HTTP service or full network stack crashes; on memory-constrained MCUs this typically requires a reboot to recover and may corrupt adjacent heap state. … |
| Remediation | No vendor-released patch version is identified at time of analysis in the provided data, so consult the Eclipse security advisory at https://gitlab.eclipse.org/security/cve-assignment/-/work_items/123 and the eclipse-threadx/netxduo GitHub repository for the corrective commit that gates fx_file_close() on a successful prior fx_file_open(), then rebuild and reflash affected firmware once a tagged release is available. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory systems using Eclipse ThreadX NetX Duo HTTP server, document their operational criticality, and implement network access controls restricting PUT requests to trusted sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-415 – Double Free
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37999