24.10.5 patched this CVE:
CVE-2025-14282: Dropbear privilege escalation via Unix domain socket forwarding
As well as updating the kernel and MANY other components.
When will Flint 2 Openwrt be updated to 24.10.5?
6 Likes
never
Even though, it is an escalation vulnerability to access root.
However OpenWrt runs almost everything as root user, with other words the fix won't solve much at security unless you run applications which use different user by default (theres not many on OpenWrt), perhaps on something like docker which includes the docker user, then this can be beneficial.
Hi
Thank you for your report.
It appears to have minimal impact on GL.iNet routers.
Typical OpenWrt deployments operate with only the root user account and do not create additional non-privileged SSH users. In such default configurations, this vulnerability has no practical impact, because the only available SSH user already has full privileges.
However, the vulnerability affects OpenWrt systems where additional local users with SSH access have been created.
We will have our R&D team investigate whether we can:
- Upgrade the OpenWRT version to 24.10.5 on some devices
- Or directly update Dropbear or backport the fix.
2 Likes
You will need to check if it’s been patched here:
GL-iNet’s 24.10 builds are built from mediatek’s patched repo, with added goodies, this allows full Mediatek driver functionality.
So GL will either choose a new version to build from, or patch the existing whilst awaiting for 25.12 to be delivered.
1 Like
The Flint 2 is incredibly secure as long as you update it regularly.
Oh agreed, just look at what’s happening with the latest Opal firmware, WiFi is broken again.
Yes, v4.8.1 and v4.8.2 had just been released at that time, and the VPN function was reconstructed, probably some tunnel scenarios were not perfected, so we quickly made repairs and there was no DNS leak in the newer version. 
1 Like
When the country code is DE, an issue with 5G WIFI. We are checking and have restored the v4.7.2 firmware in download center for users to downgrade.
2 Likes
What are the plans for Flint 2 to get a new Native OpenWrt build “4.x.x-opxx” that is based on OpenWrt v25.12.0-rc1? Could we get a build like that as a Snapshot if it is somewhat automated on your side?
2 Likes
Possible to need adaptation, I’ll let the R&D team to know.
3 Likes
v25.12.0-rc2 is currently being built
That is amazing! Looking forward to it!!!
Built as in for openwrt!
Following a review with our R&D team regarding the recent CVE, we would like to clarify our patching strategy for different firmware versions:
-
For open-source firmware, this issue will be fully resolved in upcoming releases. We are currently working on updating the OpenWrt (OP) base version to incorporate the official upstream fixes.
-
For closed-source stock firmware, since deployment follows a typical OpenWrt setup with only a single root user possessing full privileges, and does not include applications that require non-privileged users, backporting fixes will not be implemented.
1 Like
The release candidates will keep coming for a while. I build my own builds for the Flint 2 but have not done so since 24.10 stable. The GL.iNet user interface is much faster for configuration obviously, and that is why I also like their OEM builds that use the opensource drivers (op24 builds). Hopefully they can build an op25 build that we can play with and test. @Bruce what did you find out in terms of creating an op25 build for the Flint 2 for us?
Hello,
R&D team are coordinating resource to adapt with op25.12.x.
It probably come with the release with GL SDK v4.9, please wait.
2 Likes
Good info. As always, I am willing to test new firmware prior to posting if your development team agrees. Looking forward to v4.9.
1 Like
Many thanks. If possible, will share you the test firmware at that time.
I’d like to test too.
1 Like