Eclipse Foundation — Vulnerabilities & Security Advisories 95

Browse all 95 CVE security advisories affecting Eclipse Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Eclipse Foundation operates as a non-profit organization managing an open-source ecosystem, primarily hosting the Eclipse Integrated Development Environment (IDE) and related tooling. Its infrastructure supports a vast array of plugins and projects, creating a complex attack surface that has historically resulted in numerous security vulnerabilities. Recorded Common Vulnerabilities and Exposures (CVEs) frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation errors or insecure default configurations within specific plugins rather than the core platform itself. While the Foundation maintains rigorous governance and security advisory processes, the decentralized nature of its project portfolio means individual components may lag in patching. Notable incidents have highlighted risks associated with supply chain dependencies and outdated libraries within the broader ecosystem. Consequently, users must prioritize regular updates and strict plugin vetting to mitigate exposure to these historically common vulnerability classes.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-55093 | Out of bound read and write in _nx_ipv4_packet_receive() when handling unicast DHCP messages | NetX Duo | CWE-126 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-55092 | Potential out of bound read in _nx_ipv4_option_process() | NetX Duo | CWE-125 | 5.3 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-55091 | Potential out of bound read in _nx_ip_packet_receive() | NetX Duo | CWE-125 | 8.2 (AI) | High (AI) | 2025-10-16 |
| CVE-2025-55090 | Potential out of bound read issue in _nx_ipv4_packet_receive() in NetX Duo | NetX Duo | CWE-125 | 5.3 (AI) | Medium (AI) | 2025-10-16 |
| CVE-2025-55089 | Eclipse ThreadX FileX RAM disk driver buffer overflow | FileX | CWE-119 | 9.1 (AI) | Critical (AI) | 2025-10-16 |
| CVE-2025-55084 | Out of bound read in _nx_secure_tls_proc_clienthello_supported_versions_extension() | NetX Duo | CWE-126 | 8.8 (AI) | High (AI) | 2025-10-16 |
| CVE-2025-55083 | Broken bounds check in _nx_secure_tls_process_clienthello_psk_extension() | NetX Duo | CWE-126 | 5.3 (AI) | Medium (AI) | 2025-10-15 |
| CVE-2025-55082 | Potential out of bound read and info leak in _nx_secure_tls_psk_identity_find() | NetX Duo | CWE-125 | 8.2 (AI) | High (AI) | 2025-10-15 |
| CVE-2025-55081 | Potential out of bound read in _nx_secure_tls_process_clienthello() | NetX Duo | CWE-126 | 8.2 (AI) | High (AI) | 2025-10-15 |
| CVE-2025-55080 | Improper Parameter Check in ThreadX Syscall Implementation | ThreadX | CWE-233 | 9.1 (AI) | Critical (AI) | 2025-10-15 |
| CVE-2025-55079 | Missing check for thread priority | ThreadX | CWE-770 | 7.5 (AI) | High (AI) | 2025-10-15 |
| CVE-2025-55078 | Incomplete validation of kernel object pointers in system calls | ThreadX | CWE-233 | 7.5 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-7962 | Eclipse Jakarta Mail security vulnerability | Jakarta Mail | CWE-147 | 7.5 | - | 2025-07-21 |
| CVE-2024-9408 | Eclipse GlassFish code issue vulnerability | Eclipse Glassfish | CWE-918 | 9.8 | - | 2025-07-16 |
| CVE-2024-10032 | Eclipse GlassFish cross-site scripting vulnerability | Eclipse Glassfish | CWE-79 | 4.8 | - | 2025-07-16 |
| CVE-2024-10031 | Eclipse GlassFish cross-site scripting vulnerability | Eclipse Glassfish | CWE-79 | 5.4 | - | 2025-07-16 |
| CVE-2024-10029 | Eclipse GlassFish cross-site scripting vulnerability | Eclipse Glassfish | CWE-79 | 6.1 | - | 2025-07-16 |
| CVE-2024-9343 | Eclipse GlassFish cross-site scripting vulnerability | Eclipse Glassfish | CWE-79 | 4.8 | - | 2025-07-16 |
| CVE-2024-9342 | Eclipse GlassFish security vulnerability | Eclipse Glassfish | CWE-307 | 9.8 | - | 2025-07-16 |
| CVE-2025-6705 | Eclipse Open VSX security vulnerability | Eclipse Open VSX Registry | CWE-913 | 9.8 (AI) | Critical (AI) | 2025-06-27 |
| CVE-2025-4447 | Buffer Overflow in Eclipse OpenJ9 | OpenJ9 | CWE-121 | 9.8 (AI) | Critical (AI) | 2025-05-09 |
| CVE-2025-1948 | Eclipse Jetty HTTP clients can increase memory allocation | Jetty | CWE-400 | 7.5 | High | 2025-05-08 |
| CVE-2024-13009 | Eclipse Jetty GZIP buffer release | Jetty | CWE-404 | 7.2 | High | 2025-05-08 |
| CVE-2025-2259 | Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow | ThreadX | CWE-191 | 7.5 (AI) | High (AI) | 2025-04-06 |
| CVE-2025-2260 | Eclipse ThreadX NetX Duo HTTP component server denial of service | ThreadX | CWE-459 | 7.5 (AI) | High (AI) | 2025-04-06 |
| CVE-2025-2258 | Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow | ThreadX | CWE-191 | 7.5 (AI) | High (AI) | 2025-04-06 |
| CVE-2024-10838 | Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read | Eclipse Cyclone DDS | CWE-191 | 9.1 | - | 2025-03-12 |
| CVE-2025-1471 | Eclipse OMR: Buffer overflow vulnerability | Eclipse OMR | CWE-787 | 9.8 | - | 2025-02-21 |
| CVE-2025-1470 | Eclipse OMR: Null pointer dereference vulnerability | Eclipse OMR | CWE-476 | 7.5 | - | 2025-02-21 |
| CVE-2025-0727 | Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow | ThreadX | CWE-191 | 7.5 | - | 2025-02-21 |

This page lists every published CVE security advisory associated with Eclipse Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.