Security Advisory 2025-10-22-2 - ltq-ptm: local privilege escalation (CVE-2025-62525)
DESCRIPTION
Local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line.
REQUIREMENTS
This only affects the lantiq target supporting xrx200, danube and amazon SoCs from Lantiq/Intel/MaxLinear with the DSL in PTM mode. The DSL driver for the VRX518 is not affected. ATM mode is also not affected. Most VDSL lines use PTM mode and most ADSL lines use ATM mode.
OpenWrt normally runs as a single-user system, but some services are sandboxed. This vulnerability could allow attackers to escape a ujail sandbox or other containers.
MITIGATIONS
Upgrade to OpenWrt 24.10.4 or later.
This is fixed in OpenWrt 24.10.4 and later, including snapshot builds since October 15th 2025. Older OpenWrt versions like 23.05 and 22.03 might be affected too, but they are end of life and no longer receive any security support.
AFFECTED VERSIONS
All versions older than OpenWrt 24.10.4.
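To triage a device against the version and target criteria above, the following added example (not OpenWrt project code) classifies an /etc/openwrt_release file. The function names and status strings are made up for illustration; the script flags the whole lantiq target, because the SoC model and PTM/ATM mode are not recorded in that file and must be confirmed separately.

```shell
#!/bin/sh
# Added example: triage against this advisory using /etc/openwrt_release.
FIXED="24.10.4"   # first fixed release, taken from the advisory

# Print the value of KEY='value' ($2) from file $1 without sourcing the file.
release_field() {
    sed -n "s/^$2=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}\$/\1/p" "$1" | head -n 1
}

# Succeed if dotted numeric version $1 is older than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print one of: unknown, not-affected-target, manual-check,
# upgrade-required, fixed-release (hypothetical status names).
classify_release() {
    [ -r "$1" ] || { echo "unknown"; return; }
    target=$(release_field "$1" DISTRIB_TARGET)
    release=$(release_field "$1" DISTRIB_RELEASE)
    case "$target" in
        lantiq/*) ;;
        *) echo "not-affected-target"; return ;;
    esac
    case "$release" in
        # SNAPSHOT and suffixed builds cannot be judged by version number;
        # for snapshots compare the build date with October 15th 2025.
        ''|*[!0-9.]*) echo "manual-check" ;;
        *) if version_lt "$release" "$FIXED"; then echo "upgrade-required"
           else echo "fixed-release"; fi ;;
    esac
}

# Constructed sample (not from a real device), used when no file is given.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='24.10.3'
DISTRIB_TARGET='lantiq/xrx200'
EOF
classify_release "${1:-$sample}"
rm -f "$sample"
```

On a device, run it with `/etc/openwrt_release` as the argument; a result of `upgrade-required` or `manual-check` still needs the PTM-mode check described under REQUIREMENTS.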
CREDITS
Thank you Stanislav Fort from Aisle Research for reporting this to us.