OpenWrt: Service releases close critical security vulnerabilities

The service releases 25.12.1 and 24.10.6 of the router operating system OpenWrt patch security vulnerabilities classified as critical.

The OpenWrt project has released service releases 25.12.1 and 24.10.6. These fix some minor bugs, but also security vulnerabilities classified as critical. Anyone using OpenWrt should therefore apply the updates promptly.

The OpenWrt project has published an overview of the changes for release 25.12.1 and for release 24.10.6. The vulnerabilities affect the predecessor versions of both development branches equally. Two security vulnerabilities in mdnsd are classified as critical. One is a possible stack-based buffer overflow when processing maliciously crafted PTR requests for reverse DNS domains. The vulnerability can be exploited if the daemon receives multicast DNS queries on UDP port 5353 (CVE-2026-30871, CVSS4 9.5, risk "critical"). The same can happen when processing IPv6 reverse lookups (CVE-2026-30872, CVSS4 9.5, risk "critical").

In the interface, attackers can misuse the WiFi scan mode for cross-site scripting attacks, because the SSIDs shown in the scan results are treated as raw HTML without any checks or filtering (CVE-2026-32721, CVSS 8.6, risk "high"). Two further vulnerabilities fixed by the updates pose only a low risk (CVE-2026-30873, CVSS4 2.4; CVE-2026-30874, CVSS4 1.8; both risk "low").
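The scan-result problem described above, as an added example (not OpenWrt's code; the function names, field names and sample SSIDs are constructed for illustration): the first renderer inserts the SSID as raw HTML, the second encodes it as text.

```javascript
// Added illustration, not OpenWrt's code. All names here are hypothetical.

// Constructed scan results. The SSID is chosen by whoever operates the
// access point, so it is untrusted input for the page that displays it.
const scanResults = [
  { ssid: "HomeNet", channel: 6, signal: -48 },
  { ssid: "<i>guest</i> & \"lab\"", channel: 11, signal: -71 },
];

// Pattern described in the article: the SSID is concatenated into markup unchanged.
function renderRowUnsafe(net) {
  return `<tr><td>${net.ssid}</td><td>${net.channel}</td><td>${net.signal} dBm</td></tr>`;
}

// Encode the five characters that can change the HTML parsing context.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened form: the SSID is encoded as text, and numeric columns are
// validated so a malformed scan entry cannot carry markup through them.
function renderRowSafe(net) {
  const channel = Number.isInteger(net.channel) ? net.channel : "?";
  const signal = Number.isFinite(net.signal) ? `${net.signal} dBm` : "?";
  return `<tr><td>${escapeHtml(net.ssid)}</td><td>${channel}</td><td>${signal}</td></tr>`;
}

function renderTable(results, renderRow) {
  return `<table>${results.map(renderRow).join("")}</table>`;
}

// Helper for checks: count opening tags of one element in generated markup.
function countTags(html, name) {
  return (html.match(new RegExp(`<${name}[\\s>]`, "g")) || []).length;
}

console.log(renderTable(scanResults, renderRowUnsafe)); // SSID markup becomes an element
console.log(renderTable(scanResults, renderRowSafe));   // SSID markup is shown as text
```

In a browser, assigning the SSID to a node's `textContent` instead of building an HTML string achieves the same result.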

The release overviews each list various other improvements and fixes. Version 24.10.6, for example, updates OpenSSL and thus closes several security vulnerabilities in it. Version 25.12.1 also corrects further vulnerabilities without CVE entries, specifically in odhcpd and procd. Interested parties can also find information there on fixes affecting specific supported devices or components and modules of the operating system. Due to the severity of the vulnerabilities, OpenWrt users should apply the updates promptly.

Version 25.12.0 of OpenWrt was released only about two weeks ago. The most significant change was the replacement of the package manager used for software management.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.