Eclipse Threadx Netx Duo
Monthly
Denial of service in Eclipse ThreadX NetX Duo HTTP server arises from a flawed remediation of CVE-2025-0728, where the refactored shared cleanup label invokes fx_file_close() on an uninitialized file handle whenever an error occurs before file open. Remote attackers can reach the vulnerable PUT path over the network without authentication, triggering undefined behavior, double-close conditions, or memory corruption that can crash the embedded HTTP service. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Denial of service in Eclipse ThreadX NetX Duo HTTP server arises from a flawed remediation of CVE-2025-0728, where the refactored shared cleanup label invokes fx_file_close() on an uninitialized file handle whenever an error occurs before file open. Remote attackers can reach the vulnerable PUT path over the network without authentication, triggering undefined behavior, double-close conditions, or memory corruption that can crash the embedded HTTP service. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.