OpenWrt 25.12.3 Changelog

This changelog lists all commits done in OpenWrt since the v25.12.2 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 25.12.3 release.

See also the release notes that provide a more accessible overview of the main changes in 25.12.3.

8991565 scripts/ext-tools.sh: set all prebuilt tool files to same timestamp (+4,-8)
50d801d build: do not set CCACHE_COMPILERCHECK (-1)
c0d5d8f filogic: add support for D-Link AQUILA PRO AI E30 (+269,-1)

d87f1e2 toolchain: gcc: 14/15: fix libcody compilation with GCC16 (+518)
956a6e2 toolchain: gcc: fix include memory against GCC 16 (+72)

6bd35b6 kernel: add kmods for vsockets over virtio (+56)
34f5713 generic: config-6.12: update with new symbols (+2)
3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
3e3c12d kernel: bump 6.12 to 6.12.76 (+2,-2)
5c59e2f kernel: bump 6.12 to 6.12.77 (+63,-161)
ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)
336c781 kernel: bump 6.12 to 6.12.79 (+2,-2)
0a0ed86 generic: backport field_prep()/get() for non-const bitmask (+350)
c3d15a6 kernel: bump 6.12 to 6.12.80 (+33,-33)
b00d263 kernel: bump 6.12 to 6.12.81 (+232,-315)
ff50ccf kernel: bump 6.12 to 6.12.82 (+3,-209)
098ecd6 kernel: bump 6.12 to 6.12.83 (+44,-44)
8a85437 kernel: bump 6.12 to 6.12.84 (+45,-45)
b9862b0 kernel: bump 6.12 to 6.12.85 (+2,-2)

413b237 uboot-mediatek: add support for Zyxel WX5600-T0 (+426,-1)
6c2304f mediatek: add support for Zyxel WX5600-T0 (+421,-2)
eaade72 uboot-env: ath79: add wndap360 (+2,-1)
99a502b uboot-envtools: add extreme-networks,ws-ap3805i (+4)
c2cf3ab uboot-at91: fix wrong BUILD_DEVICES for sama5d4_xplained_nandflash (+1,-1)
4a45e39 ramips: add support for EDUP EP-RT2983 (+224,-8)
c0d5d8f filogic: add support for D-Link AQUILA PRO AI E30 (+269,-1)

396fe23 apk: point help message to openwrt wiki (+13)
b2685ce apk: add help text for 'apk add --force-reinstall' (+15,-4)
f778841 wifi-scripts: fix ucode erp_domain and fils_cache_id values (+3,-2)
63329ad mbedtls: update to 3.6.6 (+3,-3)
7118a5b openssl: update to 3.5.6 (+2,-2)
8fc7a3d wifi-scripts: add EHT rates to set_fixed_freq (+7,-5)
4393dc8 xdp-tools: update to 1.5.8 (+97,-230)
4c8386e xdp-tools: add patch to fix stddef.h build issue (+64)
8b792e7 xdp-tools: bump PKG_RELEASE (+1,-1)
2823096 xdp-tools: update to 1.6.3 (+33,-67)
37326a2 xdp-tools: fix musl build issues (+412,-4)
8bb268a wifi-scripts: ucode: add bridge_isolate and network_vlan to schema (+11)
e840fbf wifi-scripts: ucode: add missing fields for station/vlan schema (+44)
06af2e2 wolfssl: update to 5.9.0 (+3,-3)
da8b65d wolfssl: update to 5.9.1 (+3,-3)
7014bb7 ca-certificates: update to 20260223 (+3,-3)
6639b15 mbedtls: backport upstream patches to fix TLS 1.2 client issues (+321,-1)

d887320 linux-firmware: update to 20260110 (+2,-2)
b7feb32 linux-firmware: update to 20260221 (+2,-2)
00dcdd7 firmware: Add support for Airoha EN7581/AN7583 NPU variant firmware (+25)
f49d452 wireless-regdb: update to version 2026.03.18 (+2,-2)

ca11c6b base-files: MAJOR/MINOR not sequential, use DISKSEQ instead (+10,-10)
89a3a0d base-files: sysupgrade: fix -f with space in bkp path (+1,-1)
8ab6744 base-files: sysupgrade: update backup exclusion list (+4)
7142409 base-files: sysupgrade: -u option was broken with apk (+10,-2)

fcd535c umbim: introduce devpath option (+40,-4)
8a18e84 uqmi: introduce devpath option (+40,-4)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)
84d75a3 airoha: add the capability to read firmware names from dts (+127)
d7fe2c7 airoha: npu: Init BA memory region if provided via DTS (+42,-2)
3a6e94e airoha: an7583: fix wrong clock for SPI and SLIC (+3,-3)
4d9eeb8 airoha: reduce HWRNG quality (+57)
2c8fff4 airoha: renumber ASoC and PCS patch for more backport patch ()
c685890 airoha: backport some missing airoha_eth upstream patches (+1.0K,-56)
23bcea0 airoha: rework and backport for multi-serdes prep (+345,-18)
659df25 airoha: refresh the patches (+2,-32)
36e1e9c airoha: drop duplicate patch replaced by backport version (-155)
d78923d airoha: backport minor fix for Ethernet offload (+143,-23)
49d7ee7 airoha: backport patches for memleak and multi-serdes (+828,-30)
919361f airoha: fix compilation error from VIP backport patch (+9)
d2722ea airoha: backport QDMA rx queue descriptor setup optimization (+92,-23)
b00d263 kernel: bump 6.12 to 6.12.81 (+232,-315)

a25e9cf ath79: mikrotik: fix DEVICE_PACKAGES (+1,-1)
72feb5b ath79: wndap360: fix ethernet (+2)
55f5b2f ath79: wndap360: add owl loader (+1)
b6a8b8a ath79: wndap360: use default 9600 baud rate (+4)
3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)
518e454 ath79: wndap360: add green LED definition (+7,-1)
c85f123 ath79: wndap360: don't pass bootloader args (+1,-1)
f70631c ath79: wndap360: use lzma-loader for kernel (+3,-2)
d745c23 ath79: wndap360: fix sysupgrade (+2,-3)
4bd0c98 ath79: enterasys,ws-ap3805i: fix u-boot env (+2,-1)
b00d263 kernel: bump 6.12 to 6.12.81 (+232,-315)
098ecd6 kernel: bump 6.12 to 6.12.83 (+44,-44)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
5c59e2f kernel: bump 6.12 to 6.12.77 (+63,-161)
ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)
c3d15a6 kernel: bump 6.12 to 6.12.80 (+33,-33)
b00d263 kernel: bump 6.12 to 6.12.81 (+232,-315)
098ecd6 kernel: bump 6.12 to 6.12.83 (+44,-44)

ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
b36e116 chromium: Add #{address,size}-cells to /firmware (+10)
ff50ccf kernel: bump 6.12 to 6.12.82 (+3,-209)

b36e116 chromium: Add #{address,size}-cells to /firmware (+10)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)

c09f5e0 lantiq: fix u-boot env size for Netgear DGN3500 (+1)
39f7577 lantiq: fix mtdparsers refcount leak and memory leak (+16,-12)
3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)

0beb242 mediatek: filogic: kn-1812: fix phy reset deassert (+1,-1)
470e723 mediatek: filogic: kn-1812: add interrupt support for phy (+2)
cb4f2f4 mediatek: filogic: kn-1812: change dts node name to mt7992 (+1,-1)
08c9103 mediatek: filogic: kn-1812: set mdio drive strength to 10mA (+1,-1)
e6c43b8 mediatek: filogic: kn-1812: fix partition node name (+1,-1)
c6330df mediatek: filogic: kn-1812: drop phy-connection-type prop (-2)
909b0b8 mediatek: filogic: kn-1812: enable xsphy node (+4)
362d02c mediatek: add support for Keenetic/Netcraze (K/N)AP-630 (+301,-1)
0e618d6 mediatek: dts: drop wrong sgmiisys0 node override (-12)
ead6ca5 mediatek: filogic: kap-630/kn-(3811/3911): fix node name (+3,-3)
6c2304f mediatek: add support for Zyxel WX5600-T0 (+421,-2)
3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
5c59e2f kernel: bump 6.12 to 6.12.77 (+63,-161)
ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)
57fe3e0 mediatek: filogic: ASUS RT-AX52 PRO support (+2)
865229f mediatek: filogic: fix EAX17 rootfs hash in FIT node for per-device rootfs bu... (+1,-1)
0c6d004 mediatek: rax3000m: add Airoha AN8855 switch support (+147)
37e1a96 mediatek: add Huasifei WH3000 Pro NAND support (+182,-74)
eb82cd3 mediatek: device tree overlay for BPI-R4 with BE14 module (+284,-1)
50c18f8 mediatek: nmbm fix for Huasifei WH3000 Pro NAND (+4)
c3d15a6 kernel: bump 6.12 to 6.12.80 (+33,-33)
8a85437 kernel: bump 6.12 to 6.12.84 (+45,-45)
f24f476 mediatek: filogic: Add new Router model ZBT-Z8106AX-T (+392,-1)
c72d3b2 mediatek: update device tree of zbt-z8103ax for nmbm (+9,-1)
c200ed1 mediatek: filogic: add support for zbt-z8103ax-d (+3,-1)
c0d5d8f filogic: add support for D-Link AQUILA PRO AI E30 (+269,-1)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)
12e56ac mvebu: fix kmod for switch on clearfog base/pro (+2,-2)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
642e10e qualcommax: ipq807x: label mac for Linksys MX5300 (+4)
1f53503 qualcommax: ipq807x: mx5300: use existing aliases node (+1,-4)
6cbb072 qualcommax: ipq50xx: ax6000: enable pcie1 for QCA9887 (+2,-6)
a3a3dd6 ipq50xx: add label-mac-device to Linksys MX5500 (+4)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)

3f98e35 ramips: fix WAN LED GPIO for Xiaomi Mi Router 4C (+8,-1)
3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
fdeb6d6 ramips: mt7621: fix reset hang (+207)
1867826 ramips: mt76x8: add support for Cudy LT300 v3 (+215,-6)
b00d263 kernel: bump 6.12 to 6.12.81 (+232,-315)
4a45e39 ramips: add support for EDUP EP-RT2983 (+224,-8)
051ec7f ramips: cpe200: fix eeprom size (+1,-1)
55b55c2 ramips: wn575a3: fix eeprom size for 5ghz wifi (+1,-1)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)
b00d263 kernel: bump 6.12 to 6.12.81 (+232,-315)
098ecd6 kernel: bump 6.12 to 6.12.83 (+44,-44)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)

3efb676 kernel: bump 6.12 to 6.12.75 (+185,-305)
5c59e2f kernel: bump 6.12 to 6.12.77 (+63,-161)
ff235f0 kernel: bump 6.12 to 6.12.78 (+128,-579)

ca11c6b base-files: MAJOR/MINOR not sequential, use DISKSEQ instead (+10,-10)

ece5454 x86: add support for DFI ADN553 (+8)
8b75ff7 x86: add support for DFI ASL553 (+2,-1)

Description: wifi txpower value is very low
Link: https://github.com/openwrt/openwrt/issues/17489
Commits:
eb82cd3 mediatek: device tree overlay for BPI-R4 with BE14 module (+284,-1)

Description: Mi router 4C unable to control WAN LED in luci
Link: https://github.com/openwrt/openwrt/issues/18578
Commits:
3f98e35 ramips: fix WAN LED GPIO for Xiaomi Mi Router 4C (+8,-1)

Description: Request to add support for rax3000m an8855 switch
Link: https://github.com/openwrt/openwrt/issues/21230
Commits:
0c6d004 mediatek: rax3000m: add Airoha AN8855 switch support (+147)

Description: wifi-scripts: ucode generated erp_domain/fils_cache_id/fils_realm does not match script
Link: https://github.com/openwrt/openwrt/issues/21768
Commits:
f778841 wifi-scripts: fix ucode erp_domain and fils_cache_id values (+3,-2)

Description: wifi-scripts: missing `iface` field in ucode schema
Link: https://github.com/openwrt/openwrt/issues/22165
Commits:
e840fbf wifi-scripts: ucode: add missing fields for station/vlan schema (+44)

Description: "wifi-scripts: bridge_isolate is not present in the schema"
Link: https://github.com/openwrt/openwrt/issues/22620
Commits:
8bb268a wifi-scripts: ucode: add bridge_isolate and network_vlan to schema (+11)

Description: OpenWRT 25.12 broken on Netgear DGN3500
Link: https://github.com/openwrt/openwrt/issues/22692
Commits:
c09f5e0 lantiq: fix u-boot env size for Netgear DGN3500 (+1)

Description: DDNS update not working in latest 25.12 snapshot due to SSL failure
Link: https://github.com/openwrt/openwrt/issues/22874
Commits:
6639b15 mbedtls: backport upstream patches to fix TLS 1.2 client issues (+321,-1)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66442
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0819
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1005
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2645
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2646
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673
Commits:
7118a5b openssl: update to 3.5.6 (+2,-2)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3229
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3230
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3503
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3547
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3548
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3549
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3579
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3580
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3849
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4159
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4395
Commits:
06af2e2 wolfssl: update to 5.9.0 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25833
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25834
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25835
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28387
Commits:
7118a5b openssl: update to 3.5.6 (+2,-2)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28388
Commits:
7118a5b openssl: update to 3.5.6 (+2,-2)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28389
Commits:
7118a5b openssl: update to 3.5.6 (+2,-2)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28390
Commits:
7118a5b openssl: update to 3.5.6 (+2,-2)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31789
Commits:
7118a5b openssl: update to 3.5.6 (+2,-2)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31790
Commits:
7118a5b openssl: update to 3.5.6 (+2,-2)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34871
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34872
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34873
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34874
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34875
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34876
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34877
Commits:
63329ad mbedtls: update to 3.6.6 (+3,-3)