OpenWrt 25.12.1 - Service Release

Hauke Mehrtens hauke at hauke-m.de
Wed Mar 18 16:13:16 PDT 2026


Hi,

The OpenWrt community is proud to announce the first service release of 
the OpenWrt 25.12 stable series.

Download firmware images using the OpenWrt Firmware Selector:
   * https://firmware-selector.openwrt.org/?version=25.12.1

Download firmware images directly from our download servers:
   * https://downloads.openwrt.org/releases/25.12.1/targets/


Main changes between OpenWrt 25.12.0 and OpenWrt 25.12.1
=========================================================

Only the main changes are listed below. See the [full 
changelog](https://openwrt.org/releases/25.12/changelog-25.12.1) for 
details.


Security fixes
==============

OpenWrt components (Trail of Bits audit, February 2026):
   * CVE-2026-30871: Stack buffer overflow in umdns DNS PTR query 
handling (HIGH)
   * CVE-2026-30872: Stack buffer overflow in umdns IPv6 reverse DNS 
lookup (HIGH)
   * CVE-2026-30873: Memory leak in jsonpath when processing strings, 
labels, and regexp tokens (LOW)
   * CVE-2026-30874: Command execution via PATH environment variable 
filter bypass in procd (LOW)

LuCI:
   * CVE-2026-32721: Possible XSS attack via malicious SSID in LuCI WiFi 
scan modal (HIGH)

Additional hardening from the same Trail of Bits audit (no CVE assigned):
   * odhcpd: fix stack buffer overflow in DHCPv6 Identity Association 
logging
   * procd: fix out-of-bounds write in cgroup path building and cgroup 
rule application


Device support
==============

   * airoha: fix EN7581 PCIe initialization and add x2 (2-lane) link 
support — improves PCIe reliability and unlocks full bandwidth for 
affected devices
   * ath79: TP-Link RE355 v1, RE450 v1/v2: fix partition alignment to 
prevent configuration loss on sysupgrade
   * ipq40xx: Devolo Magic 2 WiFi next: enable device support
   * ipq40xx: re-enable MeshPoint.One target
   * ipq806x: AP3935: fix U-Boot NVMEM layout
   * lantiq: fix GPIO expander clock (gpio-stp-xway) — restores correct 
LED and GPIO behaviour on affected devices
   * lantiq: fix missing WAN MAC address assignment on some devices
   * mediatek: Cudy M3000: add support for hardware variant with 
Motorcomm YT8821 PHY (previously only the Realtek PHY variant was supported)
   * mediatek: TP-Link BE450: fix 10GbE PHY reset timing that caused 
intermittent boot stalls, add missing WLAN toggle button, fix reported 
memory size
   * microchipsw: Novarq Tactical 1000: fix swapped SFP I2C buses for 
ports 1 and 3 — fixes SFP EEPROM read failures
   * ramips: Keenetic KN-1910: fix sysupgrade functionality
   * realtek: RTL838x-based switches: fix non-functional reboot
   * treewide: Linksys devices: fix MAC address assignment


WiFi fixes and improvements
============================

   * mac80211: fix crash triggered by Channel Switch Announcement (CSA) 
when AP VLAN interfaces are in use
   * mt76: add MT7990 firmware support (new MediaTek WiFi 7 chipset)
   * mt76: mt7915: fix power save mode handling
   * mt76: mt7921/MT7902: add MT7902e MCU and DMA layout support
   * mt76: mt7996/mt7992: fix crash in transmit path, fix out-of-bounds 
access during hardware restart, improve MLO/CSA and radar detection support
   * wifi-scripts: fix incorrect VHT160 capability advertisement — was 
incorrectly set on non-160 MHz AP configurations, degrading station 
upload speed (https://github.com/openwrt/openwrt/issues/22435)
   * wifi-scripts: fix malformed wpa_supplicant config when 802.1X EAP 
credentials (identity, password, certificates) contain spaces 
(https://github.com/openwrt/openwrt/issues/22212)


Web interface (LuCI) and system fixes
======================================

   * luci-mod-network: fix XSS vulnerability in WiFi scan modal 
(CVE-2026-32721)
   * ustream-ssl (OpenSSL variant): fix use-after-free crash causing 
uhttpd (the LuCI web server) to crash under high load 
(https://github.com/openwrt/openwrt/issues/19349)


Networking and system fixes
============================

   * firewall4: set as the preferred firewall package over the legacy 
firewall package
   * iptables: prefer the nftables-backed variants (iptables-nft, 
ip6tables-nft) when iptables is pulled in as a dependency
   * kernel: CAKE QoS scheduler fixes — avoid unnecessary 
synchronization overhead when running without a rate limit, fix DiffServ 
rate scaling
   * kernel: SFP: improve Huawei MA5671a module support — module is now 
accessible even when no fiber is connected
   * odhcpd: fix segfault when disabling a DHCP interface, fix DHCPv4 
lease tree corruption, fix truncated field in DHCPv6 lease queries, fix 
DNS search list padding
   * ppp: fix potential memory safety issue (undefined behavior in 
memcpy with overlapping buffers); remove the MRU limit patch for PPPoE 
connections (https://github.com/ppp-project/ppp/pull/573)


Package manager (apk)
======================

   * apk: update to version 3.0.5 with several OpenWrt-specific bug fixes
   * apk: add `--force-reinstall` option to reinstall already-installed 
packages without requiring a version change


Core component updates
=======================

   * apk: update from 3.0.2 to 3.0.5
   * jsonfilter: update from 2025-10-04 to 2026-03-16 (fixes CVE-2026-30873)
   * libubox: update from 2026-02-13 to 2026-03-13 (ABI version 
stabilized for 25.12 stable series)
   * Linux kernel: update from 6.12.71 to 6.12.74
   * odhcpd: update from 2026-01-19 to 2026-03-16
   * omcproxy: update from 2025-10-04 to 2026-03-07
   * procd: update from 2026-02-20 to 2026-03-14 (fixes CVE-2026-30874)
   * umdns: update from 2025-10-04 to 2026-02-06 (fixes CVE-2026-30871, 
CVE-2026-30872)
   * ustream-ssl: update from 2025-10-03 to 2026-03-01


Upgrading to 25.12.1
=====================

Upgrading from 24.10 to 25.12 should be transparent on most devices, as 
most configuration data has either remained the same or will be 
translated correctly on first boot by the package init scripts.
For upgrades within the OpenWrt 25.12 stable series, [Attended 
Sysupgrade](https://openwrt.org/docs/guide-user/installation/attended.sysupgrade) 
is also supported, which allows preserving the installed packages.

  * Sysupgrade from 23.05 or earlier to 25.12 is not officially supported.

  * Cron log level was fixed in busybox. 
`system.@system[0].cronloglevel` should be set to `7` for normal 
logging. `7` is the default now. If this option is not set, the default 
is used and no manual action is needed. 
https://github.com/openwrt/openwrt/commit/fc0c518a88e68d3deef04bec73b33d35186d6546

  * Bananapi BPI-R4: Interface `eth1` was renamed to `sfp-lan` or 
`lan4`, and interface `eth2` was renamed to `sfp-wan` to match the 
labels. You have to upgrade without saving the configuration. 
https://github.com/openwrt/openwrt/commit/cd8dcfef378044a1687adfa3738f01f9a9622baf

  * **TP-Link RE355 v1, RE450 v1 and RE450 v2:** The partition layout 
and block size changed in this release to fix configuration loss on 
sysupgrade. Users upgrading from OpenWrt 25.12.0 or earlier must use 
`sysupgrade -F` to force the upgrade. The image must not exceed 5.875 MB 
(6016 KiB).


Known issues
============

   * Zyxel EX5601-T0: the WAN interface was renamed from `eth1` to `wan` 
— check and update your network configuration after upgrading.
   * Pixel 10 phones have problems connecting to WPA3-protected WiFi 6 
APs. https://github.com/openwrt/openwrt/issues/21486
   * 802.11r Fast Transition (FT) causes connection problems with some 
WiFi clients when WPA3 is used. 
https://github.com/openwrt/openwrt/issues/22200
   * SQM CAKE MQ (`cake_mq`): throughput may be unexpectedly low on some 
configurations after the scheduler fixes in this release. 
https://github.com/openwrt/openwrt/issues/22344
   * 160 MHz channel width cannot be configured. 
https://github.com/openwrt/openwrt/issues/22481

-----------------

Full release notes and upgrade instructions are available at
  https://openwrt.org/releases/25.12/notes-25.12.1

In particular, make sure to read the known issues before upgrading:
  https://openwrt.org/releases/25.12/notes-25.12.1#known_issues

For a detailed list of all changes, refer to
  https://openwrt.org/releases/25.12/changelog-25.12.1

To download the 25.12.1 images, navigate to:
  https://downloads.openwrt.org/releases/25.12.1/targets/
Use OpenWrt Firmware Selector to download:
  https://firmware-selector.openwrt.org?version=25.12.1

As always, a big thank you goes to all our active package maintainers, 
testers, documenters and supporters.

Have fun!

The OpenWrt Community

---

To stay informed of new OpenWrt releases and security advisories, there
are new channels available:

   * a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listinfo/openwrt-announce

   * a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14

   * other announcement channels (such as RSS feeds) might be added in the
     future; they will be listed at https://openwrt.org/contact


