CVE-2025-55093: CWE-126: Buffer Over-read in Eclipse Foundation NetX Duo
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.
AI Analysis
Technical Summary
CVE-2025-55093 is a buffer over-read (CWE-126) in NetX Duo, the TCP/IP stack that ships with Eclipse Foundation ThreadX. The affected function is _nx_ipv4_packet_receive(), which processes every incoming IPv4 packet, including unicast DHCP messages sent to a client that has not yet obtained an address. In versions before 6.4.4 a unicast DHCP message can make this function read past the end of the received packet; the advisory describes the effect as corruption of 4 bytes of memory. The public description names only the function and the trigger, not the field that is read, so the root cause is best stated as a missing length check before the function reads data it expects to follow the IPv4 header, rather than a flaw in parsing the DHCP payload itself. The trigger needs no authentication or user interaction: anyone who can deliver a unicast IPv4 packet to the device, on the same segment or through a routed path such as a DHCP relay, can send the crafted message. Because this is an over-read, the realistic consequences on an embedded target are a fault or a decision taken on stale bytes lying beyond the packet, either of which can crash or destabilise the network stack; disclosure of the over-read bytes to the attacker would require them to be echoed in a response, which the advisory does not claim. NetX Duo 6.4.4 is the fixed version named in the advisory. No exploitation in the wild has been reported, but DHCP is a network-facing service commonly used by NetX Duo-based devices for address configuration, so the issue matters for embedded and IoT fleets. The CVSS v4.0 base score is 6.9 (medium), reflecting a network attack vector with no privileges or user interaction required and limited impact. A crash of the network stack is an availability impact, so whatever the vector's availability metric records, treat denial of service as the main practical outcome when prioritising.
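As an added illustration (not NetX Duo's code and not derived from the 6.4.4 fix; the advisory does not say which field is read out of bounds), the following C program models the bug class the description implies: an IPv4 receive routine that, for a packet whose destination address does not match the interface, inspects the UDP destination port to decide whether to accept it as a unicast DHCP reply, and does so before confirming the packet is long enough to hold a UDP header. The function names, the verdict enum, the packet layout and the 64-byte pool block are all constructed for the example; the only real constants are the IPv4/UDP header sizes, protocol number 17 and DHCP client port 68.

```c
/* Added example: a model of the over-read class described above, not NetX Duo
 * source. Packets live in fixed-size pool blocks, so a read past the packet's
 * length lands in stale bytes from an earlier packet rather than in unmapped
 * memory; that is what makes the misclassification below observable. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_MIN_HDR_LEN 20u
#define UDP_HDR_LEN       8u
#define IP_PROTO_UDP     17u
#define DHCP_CLIENT_PORT 68u
#define POOL_BLOCK_SIZE  64u   /* hypothetical packet-pool block size */

enum verdict {
    VERDICT_DROP_NOT_OURS  = 0,
    VERDICT_ACCEPT_DHCP    = 1,
    VERDICT_DROP_TOO_SHORT = 2,
    VERDICT_ACCEPT_OURS    = 3
};

struct packet {
    const uint8_t *data;   /* start of the IPv4 header inside a pool block */
    size_t         len;    /* bytes actually received */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)(((uint16_t)p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Vulnerable pattern: a packet not addressed to the interface is still accepted
 * when it looks like a unicast DHCP reply (UDP, destination port 68), which a
 * client needs before it has an address. The port lives at ip + ihl + 2 and
 * nothing here confirms that offset is inside the received bytes. */
enum verdict classify_unchecked(const struct packet *pkt, uint32_t if_addr)
{
    const uint8_t *ip  = pkt->data;
    size_t         ihl = (size_t)(ip[0] & 0x0f) * 4u;

    if (be32(ip + 16) == if_addr)
        return VERDICT_ACCEPT_OURS;
    if (ip[9] == IP_PROTO_UDP && be16(ip + ihl + 2) == DHCP_CLIENT_PORT)
        return VERDICT_ACCEPT_DHCP;            /* may have read stale bytes */
    return VERDICT_DROP_NOT_OURS;
}

/* Hardened form: every offset is checked against pkt->len before it is read. */
enum verdict classify_checked(const struct packet *pkt, uint32_t if_addr)
{
    const uint8_t *ip = pkt->data;
    size_t         ihl;

    if (pkt->len < IPV4_MIN_HDR_LEN || (ip[0] >> 4) != 4u)
        return VERDICT_DROP_TOO_SHORT;
    ihl = (size_t)(ip[0] & 0x0f) * 4u;
    if (ihl < IPV4_MIN_HDR_LEN || ihl > pkt->len)
        return VERDICT_DROP_TOO_SHORT;
    if (be32(ip + 16) == if_addr)
        return VERDICT_ACCEPT_OURS;
    if (ip[9] != IP_PROTO_UDP)
        return VERDICT_DROP_NOT_OURS;
    if (pkt->len < ihl + UDP_HDR_LEN)          /* the check the unchecked path lacks */
        return VERDICT_DROP_TOO_SHORT;
    if (be16(ip + ihl + 2) == DHCP_CLIENT_PORT)
        return VERDICT_ACCEPT_DHCP;
    return VERDICT_DROP_NOT_OURS;
}

/* Constructed pool block: bytes 20..27 still hold the UDP header of an earlier
 * DHCP reply (src 67, dst 68); bytes 0..19 are a fresh IPv4 header, protocol UDP,
 * destination 192.168.1.50, i.e. a packet carrying no UDP header at all. */
static void build_pool_block(uint8_t *block)
{
    static const uint8_t stale_udp[UDP_HDR_LEN] = { 0, 67, 0, 68, 0x01, 0x18, 0, 0 };
    memset(block, 0, POOL_BLOCK_SIZE);
    memcpy(block + IPV4_MIN_HDR_LEN, stale_udp, sizeof stale_udp);
    block[0] = 0x45;  block[3] = 20;   block[9] = IP_PROTO_UDP;
    block[16] = 192;  block[17] = 168; block[18] = 1; block[19] = 50;
}

/* Run one classifier over the block with the given received length. The interface
 * address is 0.0.0.0, i.e. a client that has not obtained a lease yet. */
enum verdict run_case(int use_checked, size_t received_len)
{
    uint8_t       block[POOL_BLOCK_SIZE];
    struct packet pkt;

    build_pool_block(block);
    pkt.data = block;
    pkt.len  = received_len;
    return use_checked ? classify_checked(&pkt, 0u) : classify_unchecked(&pkt, 0u);
}

int main(void)
{
    printf("unchecked, 20-byte packet: %d (1 = accepted as DHCP via stale bytes)\n", (int)run_case(0, 20));
    printf("checked,   20-byte packet: %d (2 = dropped as too short)\n", (int)run_case(1, 20));
    printf("checked,   28-byte packet: %d (1 = genuine DHCP reply accepted)\n", (int)run_case(1, 28));
    return 0;
}
```

The 20-byte case is the point: the unchecked classifier accepts a header-only packet as a DHCP reply because the port it reads belongs to whatever was in the pool block before, while the checked classifier rejects it before touching those bytes and still accepts a properly sized reply. On a real device the stale bytes could just as well be outside the pool block, which is where the fault comes from.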
Potential Impact
For European organizations, the primary impact of CVE-2025-55093 is on embedded and IoT devices that use NetX Duo for network connectivity and DHCP for address configuration. A successful trigger causes an out-of-bounds read that may leave the device's networking stack in an inconsistent state or fault it, producing intermittent connectivity loss or a full denial of service until the device restarts. That matters most in industrial control systems, smart infrastructure and other networked embedded applications in sectors such as manufacturing, energy and transportation, where such devices are often unattended and rarely patched. Unauthenticated remote triggering widens the exposure, especially where devices are reachable from untrusted hosts or internal segmentation is weak; a DHCP relay configuration also lets unicast DHCP traffic cross subnets. No active exploitation is known and the advisory does not claim code execution, but a reliably triggerable crash of the network stack is still a useful disruption tool for an attacker already inside the network. The confidentiality and integrity impact is limited; availability is the real concern, and the operational role of these devices justifies treating the issue as more than a nuisance.
Mitigation Recommendations
Update NetX Duo to 6.4.4 or later, the fixed version named in the advisory. NetX Duo is a source library compiled into device firmware, so the fix reaches a deployed device only as a firmware update from the device vendor; ask each vendor which NetX Duo version their firmware embeds and when a build on 6.4.4 or later will ship. Until then, segment devices running vulnerable versions away from untrusted networks. Because the trigger is a unicast DHCP message, filtering has to cover unicast UDP traffic to port 68 from hosts that are not the authorised DHCP server or relay, not only broadcast traffic; DHCP snooping on access switches and access-list rules at segment boundaries both achieve this, while blocking DHCP outright only works for devices that can be given static addresses. Monitor for DHCP traffic that is malformed, unusually short, or sent from unexpected sources, and tune intrusion detection signatures for DHCP anomalies accordingly. Inventory embedded and IoT devices built on ThreadX/NetX Duo to establish exposure, and where a device does not need DHCP, disable the client and restrict its management interfaces. Finally, fold these devices into the regular vulnerability management and incident response process so that firmware updates are tracked like any other patch.
Affected Countries
Germany, France, Netherlands, Italy, United Kingdom, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: eclipse
- Date Reserved: 2025-08-06T18:32:14.668Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68f1d13d9c34d0947ff86bf7
Added to database: 10/17/2025, 5:16:45 AM
Last enriched: 10/17/2025, 5:31:53 AM
Last updated: 10/19/2025, 5:48:41 AM