Local Memory Access Vulnerability in OpenWrt's Lantiq DSL Driver
CVE-2025-62525

7.9HIGH

Key Information:

Vendor

Openwrt

Status
Openwrt
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62525?

The OpenWrt Project's Lantiq DSL driver contains a vulnerability that allows local users to read and write arbitrary kernel memory. This issue impacts systems using the xrx200, danube, and amazon SoCs in PTM mode. When properly exploited, the vulnerability could enable an attacker to bypass sandboxes, potentially gaining unauthorized access to sensitive data or control over the device. This flaw is resolved in version 24.10.4 and affects devices relying on PTM, while those operating in ATM mode remain unaffected. Users are encouraged to upgrade to the latest version promptly.

Affected Version(s)

openwrt < 24.10.4

References

https://github.com/openwrt/openwrt/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/openwrt/openwrt/commit/2a76abc5442e3f7...
x_refsource_MISC
https://github.com/openwrt/openwrt/commit/e001b31163a7768...
x_refsource_MISC

CVSS V3.1

Score:
7.9
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62525 : Local Memory Access Vulnerability in OpenWrt's Lantiq DSL Driver