CVE-2025-55095: CWE-121 Stack-based Buffer Overflow in Eclipse Foundation Eclipse ThreadX - USBX
The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in _ux_host_class_storage_partition_read(), which parses up to four partition entries. If an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED or EXTENDED_LBA_MAPPED), the code invokes:

    _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...));

There is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs.
AI Analysis
Technical Summary
CVE-2025-55095 is a stack-based buffer overflow vulnerability identified in the Eclipse Foundation's Eclipse ThreadX USBX component, which is a USB host stack used in embedded systems. The vulnerability exists in the function _ux_host_class_storage_media_mount(), which is responsible for mounting partitions on USB mass storage devices. This function recursively processes partition tables by calling itself when it encounters extended partitions (types UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED or EXTENDED_LBA_MAPPED). The recursion occurs within _ux_host_class_storage_partition_read(), which parses up to four partition entries per call. However, there is no mechanism to limit recursion depth or track previously visited sectors. Consequently, a malicious or malformed USB disk image can be crafted with cyclic or excessively deep chains of extended partitions. This causes uncontrolled recursion leading to a stack overflow: here the thread's stack is exhausted by the unbounded chain of nested calls rather than overwritten by an out-of-bounds write into a stack buffer, which is why CWE-674 is listed alongside CWE-121. The result can crash the system or potentially allow execution of arbitrary code depending on the system's memory protections. The vulnerability requires local access to the device and user interaction to mount the malicious USB device. The CVSS 3.1 base score is 4.2 (medium), reflecting the need for local privileges, high attack complexity, and user interaction. The impact affects confidentiality, integrity, and availability to a limited extent. No public exploits or patches are currently available, but the vulnerability is published and should be addressed proactively. This issue is categorized under CWE-121 (stack-based buffer overflow) and CWE-674 (uncontrolled recursion).
Potential Impact
For European organizations, the primary impact of CVE-2025-55095 is the risk of denial of service on embedded or IoT devices that utilize Eclipse ThreadX USBX for USB mass storage handling. Such devices may be found in industrial control systems, medical devices, telecommunications equipment, and consumer electronics. A successful exploit could cause system crashes or reboots, disrupting operations and potentially causing safety or reliability issues. Confidentiality and integrity impacts are limited but possible if an attacker can leverage the overflow to execute arbitrary code, though this is less likely given the complexity and required conditions. Organizations relying on USB mass storage devices in critical infrastructure or manufacturing environments may face operational downtime or degraded service. The vulnerability's requirement for local access and user interaction limits remote exploitation but does not eliminate insider threat or supply chain risks. Overall, the threat is moderate but should be addressed to maintain system stability and security compliance.
Mitigation Recommendations
1. Apply patches or updates from the Eclipse Foundation or device vendors as soon as they become available to fix the recursion and overflow issue.
2. Implement input validation and sanity checks on partition tables before mounting USB mass storage devices, including limiting recursion depth and detecting cyclic partition references.
3. Employ runtime protections such as stack canaries, DEP (Data Execution Prevention), and ASLR (Address Space Layout Randomization) on affected devices to reduce exploitability.
4. Restrict physical access to devices and enforce strict USB device usage policies to prevent unauthorized insertion of malicious USB devices.
5. Monitor device logs and behavior for abnormal USB mount failures or crashes that could indicate exploitation attempts.
6. For critical environments, consider disabling USB mass storage support if not required or using USB device whitelisting solutions.
7. Collaborate with device manufacturers to ensure secure firmware updates and vulnerability management processes are in place.
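The following is an added example, not USBX code or a vendor patch. It models the recursion the description above attributes to _ux_host_class_storage_media_mount() (an extended entry of type 0x05 or 0x0F recurses into sector + entry LBA) and adds the two guards that recommendation 2 asks for: a recursion-depth limit and a list of already-parsed table sectors. The depth and visited limits, the function names and the three in-memory disk images are assumptions of this example; the images are constructed, not captured from any device.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example (not USBX code). Bounded walker for MBR/EBR partition chains
 * following the page's model: an extended entry recurses into sector + lba.
 * Limits below are assumptions chosen for this example. */
#define SECTOR_SIZE        512
#define MBR_TABLE_OFFSET   446
#define MBR_ENTRY_SIZE     16
#define MBR_ENTRIES        4
#define PART_EXTENDED      0x05   /* CHS-addressed extended partition */
#define PART_EXTENDED_LBA  0x0F   /* LBA-mapped extended partition */
#define MAX_CHAIN_DEPTH    8      /* assumed bound on nested extended tables */
#define MAX_VISITED        16     /* assumed bound on distinct table sectors */

enum { MOUNT_OK = 0, MOUNT_ERR_IO = -1, MOUNT_ERR_DEPTH = -2, MOUNT_ERR_CYCLE = -3 };

typedef struct { const uint8_t *data; uint32_t sectors; } disk_image_t;
typedef struct {
    uint32_t visited[MAX_VISITED]; unsigned visited_count;
    unsigned depth;    /* current recursion depth */
    unsigned mounted;  /* non-extended partitions accepted so far */
} mount_ctx_t;
typedef struct { int rc; unsigned mounted; } demo_result_t;

static uint32_t long_get(const uint8_t *p) {            /* little-endian u32 */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static int read_sector(const disk_image_t *d, uint32_t lba, uint8_t out[SECTOR_SIZE]) {
    if (lba >= d->sectors) return MOUNT_ERR_IO;
    memcpy(out, d->data + (size_t)lba * SECTOR_SIZE, SECTOR_SIZE);
    return MOUNT_OK;
}

/* Parse the table at 'sector', recurse into extended entries, and refuse
 * cycles and chains deeper than MAX_CHAIN_DEPTH instead of exhausting the stack. */
static int media_mount(const disk_image_t *d, mount_ctx_t *ctx, uint32_t sector) {
    if (ctx->depth >= MAX_CHAIN_DEPTH) return MOUNT_ERR_DEPTH;
    for (unsigned i = 0; i < ctx->visited_count; i++)
        if (ctx->visited[i] == sector) return MOUNT_ERR_CYCLE;  /* table already parsed */
    if (ctx->visited_count >= MAX_VISITED) return MOUNT_ERR_DEPTH;
    ctx->visited[ctx->visited_count++] = sector;

    uint8_t buf[SECTOR_SIZE];
    int rc = read_sector(d, sector, buf);
    if (rc != MOUNT_OK) return rc;
    if (buf[510] != 0x55 || buf[511] != 0xAA) return MOUNT_ERR_IO;  /* no boot signature */

    ctx->depth++;
    for (int i = 0; i < MBR_ENTRIES && rc == MOUNT_OK; i++) {
        const uint8_t *e = buf + MBR_TABLE_OFFSET + i * MBR_ENTRY_SIZE;
        uint8_t type = e[4];
        uint32_t lba = long_get(e + 8);
        if (type == 0) continue;                                     /* empty slot */
        if (type == PART_EXTENDED || type == PART_EXTENDED_LBA) {
            if (lba > UINT32_MAX - sector) { rc = MOUNT_ERR_IO; break; }  /* would wrap */
            rc = media_mount(d, ctx, sector + lba);
        } else {
            ctx->mounted++;                                          /* a regular partition */
        }
    }
    ctx->depth--;
    return rc;
}

/* --- constructed test images (assumptions of this example) --- */
static void put_entry(uint8_t *sec, int idx, uint8_t type, uint32_t lba) {
    uint8_t *e = sec + MBR_TABLE_OFFSET + idx * MBR_ENTRY_SIZE;
    e[4] = type;
    e[8] = (uint8_t)lba; e[9] = (uint8_t)(lba >> 8); e[10] = (uint8_t)(lba >> 16); e[11] = (uint8_t)(lba >> 24);
    e[12] = 1;                                  /* sector count; value irrelevant here */
    sec[510] = 0x55; sec[511] = 0xAA;           /* boot signature */
}

static demo_result_t run(const uint8_t *img, uint32_t sectors) {
    disk_image_t d = { img, sectors };
    mount_ctx_t ctx; memset(&ctx, 0, sizeof ctx);
    demo_result_t r = { media_mount(&d, &ctx, 0), ctx.mounted };
    return r;
}

/* Well-formed chain: MBR -> EBR at sector 1 -> EBR at sector 2; four regular partitions. */
demo_result_t demo_valid_image(void) {
    static uint8_t img[3 * SECTOR_SIZE]; memset(img, 0, sizeof img);
    put_entry(img, 0, 0x83, 3); put_entry(img, 1, 0x83, 4); put_entry(img, 2, PART_EXTENDED_LBA, 1);
    put_entry(img + SECTOR_SIZE, 0, 0x83, 1); put_entry(img + SECTOR_SIZE, 1, PART_EXTENDED, 1);
    put_entry(img + 2 * SECTOR_SIZE, 0, 0x83, 1);
    return run(img, 3);
}

/* Cyclic chain: the EBR at sector 1 links with offset 0, i.e. back to itself. */
demo_result_t demo_cyclic_image(void) {
    static uint8_t img[2 * SECTOR_SIZE]; memset(img, 0, sizeof img);
    put_entry(img, 0, 0x83, 2); put_entry(img, 1, PART_EXTENDED, 1);
    put_entry(img + SECTOR_SIZE, 0, 0x83, 1); put_entry(img + SECTOR_SIZE, 1, PART_EXTENDED, 0);
    return run(img, 2);
}

/* Over-deep chain: twelve tables, each linking to the next sector. */
demo_result_t demo_deep_image(void) {
    static uint8_t img[12 * SECTOR_SIZE]; memset(img, 0, sizeof img);
    for (int s = 0; s < 12; s++) {
        put_entry(img + s * SECTOR_SIZE, 0, 0x83, 1);
        if (s < 11) put_entry(img + s * SECTOR_SIZE, 1, PART_EXTENDED_LBA, 1);
    }
    return run(img, 12);
}
```

The valid image mounts four partitions and returns MOUNT_OK; the self-referencing image stops with MOUNT_ERR_CYCLE after the second table, and the twelve-table image stops with MOUNT_ERR_DEPTH once eight nested tables have been parsed. Without the two guards at the top of media_mount() the second image would recurse forever and the third would recurse as deep as the input dictates, which is the condition the advisory describes. On a real target the bound should be sized to the thread stack actually allocated to the USB host task.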
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: eclipse
- Date Reserved: 2025-08-06T18:56:43.458Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6978dee54623b1157c340bb2
Added to database: 1/27/2026, 3:51:01 PM
Last enriched: 1/27/2026, 4:06:10 PM
Last updated: 2/7/2026, 12:21:06 PM