CVE Catalog

CVE-2025-65882

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.54%

42th percentile - higher than 42% of all known CVEs

Summary

In OpenMPTCProuter up to version 0.64, a vulnerability was found in the file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in the function create_xor_ipad_opad, allowing potential arbitrary file writes or arbitrary command execution.

Risk Assessment

An attacker could exploit this vulnerability to gain control over the system, leading to data integrity compromise and potential full device takeover.

Recommendation

It is recommended to immediately update OpenMPTCProuter to the latest available version and implement access restrictions to the vulnerable component.

Original NVD description (English source)

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS