CVE-2025-62526

Severity: High · EPSS 15.6%
CVSS 3.1 base score: 7.8 (High)
Published: Oct 22, 2025 (8 months ago) · Last modified: Jun 17, 2026 (2 weeks ago)

Description

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to corrupt the heap and potentially execute arbitrary code in the context of the ubus daemon. Because the affected code runs before the ACL checks, all ubus clients are able to send such messages. In addition to the heap corruption, the crafted subscription also results in a bypass of the listen ACL. This is fixed in OpenWrt 24.10.4. There are no workarounds.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
15.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses (1)

CWE-122 (Heap-based Buffer Overflow)

Affected Products (1)

Vendor    Product    Version    Range
openwrt   openwrt    *          <24.10.4

References (7)

  • https://github.com/openwrt/openwrt/commit/4b907e69ea58fc0ba35fd1755dc4ba22262af3a4 (Patch)
  • https://github.com/openwrt/openwrt/commit/a7901969932a175cded3c93bdeb65f32ed3705e6 (Patch)
  • https://github.com/openwrt/openwrt/security/advisories/GHSA-cp32-65v4-cp73 (Patch, Vendor Advisory)
  • https://github.com/openwrt/ubus/commit/60e04048a0e2f3e33651c19e62861b41be4c290f (Patch)
  • https://github.com/openwrt/ubus/commit/aa4a7ee1d3417bc11207ad0a78d579ece7fe0c13 (Patch)
  • https://github.com/openwrt/ubus/commit/d31effb4277bd557f5ccf16d909422718c1e49d0 (Patch)
  • https://openwrt.org/advisory/2025-10-22-1 (Third Party Advisory)

Remediation

Upgrade to OpenWrt 24.10.4 or later. The fix consists of the two openwrt/openwrt commits and the three openwrt/ubus commits listed as "Patch" under References above; no workaround exists for unpatched versions.