CVE-2025-62525

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting xrx200, danube and amazon SoCs from Lantiq/Intel/MaxLinear with the DSL in PTM mode. The DSL driver for the VRX518 is not affected. ATM mode is also not affected. Most VDSL lines use PTM mode and most ADSL lines use ATM mode. OpenWrt is normally running as a single user system, but some services are sandboxed. This vulnerability could allow attackers to escape a ujail sandbox or other contains. This is fixed in OpenWrt 24.10.4. There are no workarounds.

CVSS v3 7.9 HIGH

7.9^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/openwrt/openwrt/commit/2a76abc5442e3f74d95b4caa9bb57e5488fc132e
https://github.com/openwrt/openwrt/commit/e001b31163a77683ee741d169f794cfa50926f37
https://github.com/openwrt/openwrt/security/advisories/GHSA-h427-frpr-7cqr
https://openwrt.org/advisory/2025-10-22-2

Configurations

No configuration.

History

22 Oct 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-22 15:16

Updated : 2025-10-22 21:12

NVD link : CVE-2025-62525

Mitre link : CVE-2025-62525

CVE.ORG link : CVE-2025-62525

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

7.9 /10