CVE-2025-65882
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk42th percentile - higher than 42% of all known CVEs
Summary
In OpenMPTCProuter up to version 0.64, a vulnerability was found in the file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in the function create_xor_ipad_opad, allowing potential arbitrary file writes or arbitrary command execution.
Risk Assessment
An attacker could exploit this vulnerability to gain control over the system, leading to data integrity compromise and potential full device takeover.
Recommendation
It is recommended to immediately update OpenMPTCProuter to the latest available version and implement access restrictions to the vulnerable component.
Original NVD description (English source)
An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.

