Is CVE-2025-62525 actively exploited?

CVE-2025-62525 has no public evidence of in-the-wild exploitation as of 2025-10-30.

What is the CVSS score for CVE-2025-62525?

CVE-2025-62525 has a CVSS score of 7.9 (HIGH severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H.

How do I patch CVE-2025-62525?

Patch guidance is available from openwrt security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-62525.

Fix CVE-2025-62525 - HIGH openwrt openwrt

Description

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting xrx200, danube and amazon SoCs from Lantiq/Intel/MaxLinear with the DSL in PTM mode. The DSL driver for the VRX518 is not affected. ATM mode is also not affected. Most VDSL lines use PTM mode and most ADSL lines use ATM mode. OpenWrt is normally running as a single user system, but some services are sandboxed. This vulnerability could allow attackers to escape a ujail sandbox or other contains. This is fixed in OpenWrt 24.10.4. There are no workarounds.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: changed
Confidentiality: low
Integrity: low
Availability: high
Weaknesses: CWE-20 · Improper Input Validation CWE-125 · Out-of-bounds Read CWE-787 · Out-of-bounds Write

Metadata

Primary Vendor: OPENWRT
Published: 10/22/2025
Last Modified: 10/30/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

openwrt : openwrt

Remediation Guidance

Executive Summary

Cite this page

CVE-2025-62525. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-62525

View on NIST NVD

CVE-2025-62525 vulnerability