Newsy.co

Eclipse and STMicroelectronics vulnerabilities

Eclipse and STMicroelectronics vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics.   

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.     

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.      

Eclipse vulnerabilities 

Discovered by Kelly Patterson of Cisco Talos.    

Eclipse ThreadX is an embedded development suite including an operating system that provides performance for resource-constrained devices. 

TALOS-2024-2098 (CVE-2025-0726, CVE-2025-2260) A denial of service vulnerability exists in the NetX HTTP server functionality of Eclipse ThreadX NetX Duo git commit 6c8e9d1. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 

Two integer underflow vulnerabilities exist in the HTTP server PUT request functionality of Eclipse ThreadX NetX Duo git commit 6c8e9d1, TALOS-2024-2104 (CVE-2025-0727, CVE-2025-2259) and TALOS-2024-2105 (CVE-2025-0728, CVE-2025-2258). Specially crafted network request packets can lead to denial of service. An attacker can send malicious packets to trigger these vulnerabilities. 

STMicroelectronics vulnerabilities 

Discovered by Kelly Patterson of Cisco Talos.    

STMicroelectronics is a European multinational semiconductor contract manufacturing and design company. 

TALOS-2024-2096 (CVE-2024-45064) is a buffer overflow vulnerability in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. 

TALOS-2024-2097 (CVE-2024-50384-CVE-2024-50385) is a denial-of-service vulnerability in the NetX Component HTTP server functionality. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 

Two integer underflow vulnerabilities exist in the HTTP server PUT request functionality. For TALOS-2024-2102 (CVE-2024-50594-CVE-2024-50595), a specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. For TALOS-2024-2103 (CVE-2024-50596-CVE-2024-50597), a specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.