Heap Buffer Overflow in OpenWrt Ubusd Affects Embedded Devices
CVE-2025-62526
What is CVE-2025-62526?
CVE-2025-62526 is a severe security vulnerability in the OpenWrt operating system, which is widely used in embedded devices for network routing and related functions. It is a heap buffer overflow in the ubusd daemon, specifically in the code that parses event registration requests. A crafted request can write beyond the bounds of a heap allocation, potentially leading to arbitrary code execution in the context of the ubus daemon, which implements OpenWrt's inter-process communication mechanism. The issue is made worse by the fact that the vulnerable code runs before any access control list (ACL) checks are performed, so any ubus client can send a message that triggers the overflow. OpenWrt fixed this vulnerability in version 24.10.4. Because no workarounds are available, organizations running vulnerable versions of OpenWrt should prioritize updating to safeguard their embedded systems.
Potential impact of CVE-2025-62526
- Arbitrary Code Execution: The vulnerability permits attackers to execute arbitrary code on systems running the affected OpenWrt version, which could compromise the security and integrity of the device. This capability can be exploited to gain unauthorized access and control over the device, leading to broader network vulnerabilities.
- Bypassing Access Controls: Exploiting this vulnerability allows attackers not only to execute code but also to bypass established access control mechanisms. This can lead to unauthorized actions being performed on the device and can facilitate further attacks within the network.
- Risks to Network Security: Since OpenWrt is commonly used in embedded and networking devices, successful exploitation of CVE-2025-62526 can jeopardize the security of entire networks. Compromised devices may be used for data exfiltration, further attacks, or incorporation into larger botnets, posing significant risks to organizational IT infrastructure.
Affected Version(s)
openwrt < 24.10.4
