CNNVD-202510-015 Information

CNNVD ID

CNNVD-202510-015

Related CVE

CVE-2025-57389

• CNNVD Published: 2025-10-01

Description (Chinese)

OpenWRT Luci LTS是OpenWRT开源的一个 Linux 发行版的 Web 管理界面。 OpenWRT Luci LTS v18.06.2版本存在安全漏洞，该漏洞源于/admin/system/packages端点存在反射型跨站脚本，可能导致执行任意Javascript代码。

Description (English)

OpenWRT Luci LTS is a Linux distribution interface for OpenWRT. OpenWRT Luci LTS v18.06.2 has a security loophole that originates from the reflective cross-site script of the /admin/system/packages endpoint, which may lead to the implementation of any Javascript code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OpenWRT

Published

2025-10-01

Last Modified

2026-02-24

References

https://github.com/openwrt/luci/blob/20b3600d4d64bf60588cf4975c7a62104411870e/modules/luci-mod-admin-full/luasrc/view/admin_system/packages.htm#L73 https://github.com/amalcew/CVE-2025-57389