Security Report Delivery Issue – Critical Vulnerability in OpenWrt 25.12.0-rc1
麒麟兔
1713408044 at qq.com
Mon Jan 12 00:07:27 PST 2026
Dear OpenWrt Admin Team,
I am writing to report a critical security vulnerability affecting OpenWrt version 25.12.0-rc1.
On January 6, 2026, I attempted to submit a detailed vulnerability report to contact at openwrt.org, but the email was bounced and could not be delivered.
I subsequently sent the same report to security at openwrt.org on January 7, 2026, but have not received any acknowledgment or response as of today (January 12, 2026).
Given the severity of this issue — it could lead to full root-level system compromise when an attacker has administrative access — I am following up via this channel in accordance with OpenWrt’s official security reporting guidelines.
I kindly request that the team:
1. Verify the operational status of the contact at openwrt.org mailbox;
2. Confirm a secure and functional channel for submitting sensitive vulnerability details.
I am ready to re-submit the complete technical report immediately upon request through an appropriate channel.
Reporter: Zhang Xuewen
Email: 1713408044 at qq.com
麒麟兔
1713408044 at qq.com
More information about the openwrt-adm
mailing list