PT-2025-43010

Published 2025-10-21 · Updated 2026-01-11

CVE-2025-62525

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenWrt versions prior to 24.10.4

Description

OpenWrt is a Linux operating system designed for embedded devices. A flaw exists in the ltq-ptm driver, which manages the data path for DSL lines. Prior to version 24.10.4, local users can read and write to arbitrary kernel memory using the driver’s ioctls. This impacts the lantiq target supporting xrx200, danube, and amazon SoCs from Lantiq/Intel/MaxLinear when using DSL in PTM mode. The VRX518 DSL driver and ATM mode are not affected. The issue could allow attackers to escape sandboxes or other containers.

Recommendations

Versions prior to 24.10.4 should be updated to version 24.10.4 or later.

Exploit

Fix

Out of bounds Read

Memory Corruption

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-15978
CVE-2025-62525
GHSA-H427-FRPR-7CQR

Affected Products

Openwrt
Vrx518
Amazon
Danube
Ltq-Ptm
Xrx200