{"id":"CVE-2025-65882","details":"An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.","modified":"2026-04-10T05:38:52.783064Z","published":"2025-12-09T19:15:49.770Z","references":[{"type":"WEB","url":"http://openmptcprouter.com"},{"type":"FIX","url":"https://github.com/Ysurac/openmptcprouter/commit/09393d1c41a227bea7d5b85c0a06221b1302b25f"},{"type":"EVIDENCE","url":"https://gist.github.com/AradCohen/939ee50d60c4d2bd555a364615a5ab9c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/Ysurac/openmptcprouter","events":[{"introduced":"0"},{"last_affected":"c8d83dd8da73fa2fe56ca52d36960dfba899e1da"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.64"}]}},{"type":"GIT","repo":"https://github.com/ysurac/openmptcprouter","events":[{"introduced":"0"},{"fixed":"09393d1c41a227bea7d5b85c0a06221b1302b25f"}]}],"versions":["v0.1","v0.10","v0.18","v0.2","v0.25","v0.27","v0.29","v0.3","v0.3.1","v0.30","v0.31","v0.35","v0.36","v0.36.2","v0.36.3","v0.37","v0.37.1","v0.38","v0.39","v0.4","v0.40","v0.41","v0.42","v0.44","v0.45","v0.46","v0.46.1","v0.47.1","v0.49","v0.49.1","v0.49.3","v0.5","v0.5.1","v0.5.2","v0.5.3","v0.5.3.1","v0.50","v0.50.2","v0.51","v0.52","v0.52.2","v0.53","v0.53.1","v0.53.2","v0.53.3","v0.53rc1","v0.54","v0.54rc1","v0.54rc13","v0.54rc2","v0.54rc3","v0.54rc4","v0.56","v0.56.1","v0.56.2","v0.56.3","v0.56.4","v0.56.5","v0.57","v0.57.1","v0.57.2","v0.57.3","v0.57rc1","v0.57rc2","v0.57rc3","v0.57rc4","v0.58","v0.58.1","v0.58.2","v0.58.3","v0.58.4","v0.58.5","v0.58beta1","v0.58beta2","v0.58beta3","v0.58beta4","v0.58beta5","v0.58beta6","v0.58beta7","v0.58rc1","v0.58rc2","v0.58rc3","v0.58rc4","v0.58rc5","v0.59","v0.59.1","v0.59.2alpha","v0.59beta1","v0.59beta2","v0.59beta3","v0.59beta4","v0.59beta5","v0.59beta6","v0.59beta7","v0.59beta8","v0.59rc1","v0.59rc2","v0.59rc3","v0.6","v0.60","v0.60-snapshot","v0.60beta1","v0.60beta2","v0.60rc1","v0.60rc2","v0.61","v0.61-snapshot","v0.61rc1","v0.61rc2","v0.61rc3","v0.62","v0.62-snapshot","v0.62rc1","v0.63","v0.63-snapshot","v0.63rc1","v0.64-snapshot","v0.7","v0.7.2","v0.7.3","v0.8","v0.9","v0.9.1","v0.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65882.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}