The OpenWrt Project has patched two high-severity vulnerabilities affecting its Linux-based firmware for embedded devices. The flaws, tracked as CVE-2025-62526 and CVE-2025-62525, could allow attackers to execute arbitrary code or gain unauthorized access to kernel memory on affected systems. Both issues have been fixed in OpenWrt version 24.10.4 and later.
The first flaw, CVE-2025-62526 (CVSS 7.9), exists in ubusd, the central messaging daemon used for inter-process communication within OpenWrt. According to the advisory, “ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon.”
Because the vulnerable code executes before Access Control List (ACL) checks, any ubus client can send a crafted message to trigger the overflow. The advisory warns that “the affected code is executed before running the ACL checks, all ubus clients are able to send such messages.”
In addition to the code execution risk, the crafted payload can also bypass access control: “the crafted subscription also results in a bypass of the listen ACL.”
This issue has been resolved in OpenWrt 24.10.4 and in all snapshot builds released since October 18, 2025. However, older versions such as 23.05 and 22.03 remain vulnerable and are no longer supported by the project.
The second vulnerability, CVE-2025-62525 (CVSS 7.9), affects the ltq-ptm driver, which controls the DSL datapath in certain devices using Lantiq, Intel, or MaxLinear chipsets. The advisory explains: “Local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line.”
The flaw specifically impacts devices using the xrx200, danube, and amazon SoCs operating in Packet Transfer Mode (PTM) — a configuration used by most VDSL lines. Systems using ATM mode (common in ADSL connections) or VRX518 DSL drivers are not affected.
Although OpenWrt typically runs as a single-user system, Trend Research warns that this vulnerability could be used to escape sandboxed environments: “This vulnerability could allow attackers to escape a ujail sandbox or other contains.”
The bug was addressed in OpenWrt 24.10.4 and snapshot builds released since October 15, 2025.
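As an added example (not taken from the OpenWrt advisory or from this article), the shell functions below triage a device against the version and configuration conditions described above. The function names and result labels are hypothetical, and two assumptions are built in: release series newer than 24.10 carry the fixes, and every series older than 24.10 is treated like 23.05 and 22.03.

```shell
#!/bin/sh
# Added example: classify an OpenWrt release string against the fixed version 24.10.4.
# release_status RELEASE -> fixed | vulnerable | unsupported | snapshot | unknown
release_status() {
    case "$1" in
        # Snapshots are fixed only if built since Oct 18, 2025 (ubusd) or
        # Oct 15, 2025 (ltq-ptm); the release string alone cannot show that.
        SNAPSHOT|snapshot) echo snapshot; return ;;
    esac
    ver=${1%%-*}                      # drop suffixes such as "-rc2"
    case "$ver" in
        *.*) ;;
        *) echo unknown; return ;;
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "24.10" has no patch field
    for field in "$major" "$minor" "$patch"; do
        case "$field" in
            ''|*[!0-9]*) echo unknown; return ;;
        esac
    done
    if [ "$major" -gt 24 ] || { [ "$major" -eq 24 ] && [ "$minor" -gt 10 ]; }; then
        echo fixed                    # assumption: later series include the fix
    elif [ "$major" -eq 24 ] && [ "$minor" -eq 10 ]; then
        if [ "$patch" -ge 4 ]; then echo fixed; else echo vulnerable; fi
    else
        echo unsupported              # e.g. 23.05, 22.03: vulnerable, no fix coming
    fi
}

# ptm_exposed SOC MODE -> yes | no
# CVE-2025-62525 needs an xrx200, danube or amazon SoC running the DSL line in PTM mode.
ptm_exposed() {
    case "$1:$2" in
        xrx200:ptm|danube:ptm|amazon:ptm) echo yes ;;
        *) echo no ;;                 # ATM mode and VRX518 drivers are not affected
    esac
}

# On a device, the release string is DISTRIB_RELEASE in /etc/openwrt_release.
if [ -r /etc/openwrt_release ]; then
    . /etc/openwrt_release
    echo "CVE-2025-62526 (ubusd): $(release_status "$DISTRIB_RELEASE")"
fi
```

A `snapshot` result means the build date still has to be compared by hand against the dates given above.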