CVE-2025-62526

Name of the Vulnerable Software and Affected Versions OpenWrt versions prior to 24.10.4

Description The ubusd component in the OpenWrt operating system has a heap buffer overflow in the event registration parsing code. Exploitation may allow an attacker to modify data and potentially execute arbitrary code within the context of the ubus daemon. The affected code runs before Access Control List (ACL) checks, meaning all ubus clients can send messages that trigger this issue. Additionally, a crafted subscription can bypass the listen ACL.

Recommendations Versions prior to 24.10.4 should be updated to version 24.10.4 or later.