CVE-2025-55102: CWE-400 Uncontrolled Resource Consumption in Eclipse Foundation Eclipse ThreadX - NetX Duo
A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted "Packet Too Big" network packet with more than 15 different source addresses can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
AI Analysis
Technical Summary
CVE-2025-55102 is a denial-of-service (DoS) vulnerability identified in the NetX IPv6 component of the Eclipse ThreadX NetX Duo embedded network stack. The vulnerability stems from improper handling of ICMPv6 'Packet Too Big' messages that include more than 15 distinct source addresses. When such a specially crafted packet is received, the NetX Duo component enters a state of uncontrolled resource consumption, exhausting system resources such as memory or CPU cycles, ultimately leading to a system crash or hang. This is categorized under CWE-400 (Uncontrolled Resource Consumption), CWE-404 (Improper Resource Shutdown or Release), and CWE-770 (Allocation of Resources Without Limits or Throttling). The vulnerability can be exploited remotely without any authentication or user interaction, making it accessible to any attacker capable of sending IPv6 packets to the target device. The affected product, Eclipse ThreadX NetX Duo, is widely used in embedded systems, including IoT devices, industrial control systems, and other networked appliances. The CVSS v4.0 base score of 8.7 reflects the high impact on availability and the ease of exploitation. No patches or known exploits are currently reported, but the vulnerability poses a significant risk to devices relying on this network stack, especially those exposed to untrusted networks.
Potential Impact
For European organizations, the primary impact of CVE-2025-55102 is the potential for denial-of-service attacks against embedded devices running Eclipse ThreadX NetX Duo with IPv6 enabled. This can lead to temporary or prolonged outages of critical IoT devices, industrial controllers, or networked appliances, disrupting operations in sectors such as manufacturing, energy, transportation, and smart infrastructure. The loss of availability could affect production lines, safety systems, or data collection processes, leading to financial losses and operational delays. Since the vulnerability can be triggered remotely without authentication, attackers could exploit it from outside the network perimeter if devices are exposed or insufficiently segmented. The impact is heightened in environments where embedded devices are integral to critical infrastructure or where redundancy is limited. Additionally, the inability to process legitimate network traffic during an attack could degrade network performance and complicate incident response.
Mitigation Recommendations
1. Monitor Eclipse Foundation advisories and apply patches or updates to the NetX Duo component as soon as they become available.
2. Implement network-level filtering to block or rate-limit ICMPv6 'Packet Too Big' messages, especially those containing multiple source addresses, using firewalls or intrusion prevention systems.
3. Segment and isolate embedded devices running NetX Duo from untrusted networks to reduce exposure to external attackers.
4. Employ IPv6 traffic inspection and anomaly detection tools to identify and block malformed or suspicious ICMPv6 packets.
5. Conduct regular security assessments of embedded devices and network stacks to identify outdated or vulnerable components.
6. Collaborate with device vendors to ensure timely firmware updates and security patches.
7. Where possible, disable unnecessary IPv6 functionality or ICMPv6 message types on embedded devices if not required for operation.
8. Maintain robust incident response plans that include embedded device recovery procedures to minimize downtime in case of exploitation.
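As an added illustration of mitigation items 2 and 4 (this is not code from the advisory, the Eclipse Foundation, or NetX Duo), the following Python monitor parses ICMPv6 'Packet Too Big' messages and flags any destination that has received them from more than 15 distinct sources, the threshold the advisory text names. It assumes plain IPv6 frames with no extension headers; the sample frames and addresses are constructed.

```python
import ipaddress
import struct
from collections import defaultdict

ICMPV6_NEXT_HEADER = 58
ICMPV6_PACKET_TOO_BIG = 2
# Threshold taken from the advisory: more than 15 distinct sources of
# "Packet Too Big" messages toward one host is the described condition.
MAX_DISTINCT_PTB_SOURCES = 15


def parse_ipv6_icmpv6(frame):
    """Return (src, dst, icmp_type, mtu) for an IPv6 packet that carries
    ICMPv6 directly after the fixed header (assumption: no extension
    headers); return None for anything else."""
    if len(frame) < 48 or frame[0] >> 4 != 6:
        return None
    if frame[6] != ICMPV6_NEXT_HEADER:
        return None
    src = ipaddress.IPv6Address(frame[8:24])
    dst = ipaddress.IPv6Address(frame[24:40])
    icmp_type = frame[40]
    mtu = struct.unpack("!I", frame[44:48])[0]  # PTB carries the MTU in bytes 4..7
    return src, dst, icmp_type, mtu


def detect_ptb_flood(frames, threshold=MAX_DISTINCT_PTB_SOURCES):
    """Track distinct PTB senders per destination and return
    {destination: sender_count} for destinations over the threshold."""
    senders = defaultdict(set)
    for frame in frames:
        parsed = parse_ipv6_icmpv6(frame)
        if parsed is None:
            continue
        src, dst, icmp_type, _mtu = parsed
        if icmp_type == ICMPV6_PACKET_TOO_BIG:
            senders[dst].add(src)
    return {str(d): len(s) for d, s in senders.items() if len(s) > threshold}


def build_ptb(src, dst, mtu=1280):
    """Constructed sample frame: IPv6 header + ICMPv6 PTB header (checksum
    left zero) + an 8-byte stub of the invoking packet."""
    payload = struct.pack("!BBHI", ICMPV6_PACKET_TOO_BIG, 0, 0, mtu) + b"\x60" + b"\x00" * 7
    header = struct.pack("!IHBB", 0x60000000, len(payload), ICMPV6_NEXT_HEADER, 64)
    return header + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload


# Constructed traffic: 16 distinct senders target ::10, a single sender targets ::20.
SAMPLE_FRAMES = [build_ptb(f"2001:db8:1::{i}", "2001:db8:2::10") for i in range(1, 17)]
SAMPLE_FRAMES.append(build_ptb("2001:db8:1::1", "2001:db8:2::20"))
```

In practice the sender sets should be kept per time window and the flagged destination fed to the rate-limiting rule from item 2 rather than evaluated over an unbounded capture.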
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: eclipse
- Date Reserved: 2025-08-06T18:56:43.458Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6978db5e4623b1157c33187c
Added to database: 1/27/2026, 3:35:58 PM
Last enriched: 1/27/2026, 3:50:40 PM
Last updated: 2/4/2026, 11:16:27 PM