HIGH🇵🇱 Wersja polska

CVE-2025-55080

CVSS 7.2v4.0pub. 2025-10-15upd. 2025-10-22

In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Eclipse Threadx

    APP
    Eclipse
    < 6.4.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-0648HIGH7.8ten sam produkt

The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/uti...

CVE-2024-2212HIGH7.3ten sam produkt

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibil...

CVE-2024-2214HIGH7.0ten sam produkt

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size...

CVE-2025-55079MEDIUM5.7ten sam produkt

In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases th...

CVE-2025-55078MEDIUM5.7ten sam produkt

In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a poin...