Refine your search
14 vulnerabilities found for OpenVPN by OpenVPN
CVE-2025-13086 (GCVE-0-2025-13086)
Vulnerability from nvd
Published
2025-12-03 19:54
Modified
2025-12-03 21:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-940 - Improper Verification of Source of a Communication Channel
Summary
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:48:54.419203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:49:07.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.7_rc1",
"status": "affected",
"version": "2.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "CWE-940: Improper Verification of Source of a Communication Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:54:10.737Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-13086"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00151.html"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-13086",
"datePublished": "2025-12-03T19:54:10.737Z",
"dateReserved": "2025-11-12T19:37:55.606Z",
"dateUpdated": "2025-12-03T21:49:07.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13751 (GCVE-0-2025-13751)
Vulnerability from nvd
Published
2025-12-03 16:22
Modified
2025-12-03 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T16:32:17.086600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:32:26.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.7_rc2",
"status": "affected",
"version": "2.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.3,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-775",
"description": "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-841",
"description": "CWE-841: Improper Enforcement of Behavioral Workflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:22:35.771Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-13751"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00154.htmlhttps://"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00153.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-13751",
"datePublished": "2025-12-03T16:22:35.771Z",
"dateReserved": "2025-11-26T16:51:49.203Z",
"dateUpdated": "2025-12-03T16:32:26.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12106 (GCVE-0-2025-12106)
Vulnerability from nvd
Published
2025-12-01 12:43
Modified
2025-12-01 18:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read
Summary
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T18:49:24.604801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T18:50:28.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.7_rc1",
"status": "affected",
"version": "2.7_alpha1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T12:43:02.480Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-12106"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-12106",
"datePublished": "2025-12-01T12:43:02.480Z",
"dateReserved": "2025-10-23T08:47:11.843Z",
"dateUpdated": "2025-12-01T18:50:28.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10680 (GCVE-0-2025-10680)
Vulnerability from nvd
Published
2025-10-24 10:06
Modified
2025-10-25 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T03:56:05.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BSD",
"Linux",
"MacOS",
"POSIX"
],
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.7_beta1",
"status": "affected",
"version": "2.7_alpha1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T10:06:51.056Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-10680"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00149.html"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-10680",
"datePublished": "2025-10-24T10:06:51.056Z",
"dateReserved": "2025-09-18T09:48:38.988Z",
"dateUpdated": "2025-10-25T03:56:05.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2704 (GCVE-0-2025-2704)
Vulnerability from nvd
Published
2025-04-02 21:00
Modified
2025-10-23 10:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-03T00:11:05.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/02/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-2704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T17:20:44.473236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T17:23:59.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "2.6.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T10:53:34.373Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2025-2704"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00142.html"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-2704",
"datePublished": "2025-04-02T21:00:58.582Z",
"dateReserved": "2025-03-24T10:26:42.493Z",
"dateUpdated": "2025-10-23T10:53:34.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5594 (GCVE-0-2024-5594)
Vulnerability from nvd
Published
2025-01-06 13:52
Modified
2025-11-03 20:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Summary
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T16:56:30.416711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:40:13.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:48:53.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThan": "2.6.11",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T21:00:17.688Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-5594"
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2024-5594",
"datePublished": "2025-01-06T13:52:20.272Z",
"dateReserved": "2024-06-03T08:46:40.371Z",
"dateUpdated": "2025-11-03T20:48:53.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0547 (GCVE-0-2022-0547)
Vulnerability from nvd
Published
2022-03-18 18:00
Modified
2025-11-03 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-305 - - Authentication Bypass by Primary Weakness
Summary
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:34:30.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openvpn.net/community-downloads/"
},
{
"name": "FEDORA-2022-7d46acce7c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/"
},
{
"name": "FEDORA-2022-cb4c1146dc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/"
},
{
"name": "[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:37.639278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:46:01.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenVPN",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "version 2.1 until version 2.4.12 and 2.5.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 - Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T13:06:11.000Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openvpn.net/community-downloads/"
},
{
"name": "FEDORA-2022-7d46acce7c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/"
},
{
"name": "FEDORA-2022-cb4c1146dc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/"
},
{
"name": "[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openvpn.net",
"ID": "CVE-2022-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenVPN",
"version": {
"version_data": [
{
"version_value": "version 2.1 until version 2.4.12 and 2.5.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 - Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements",
"refsource": "MISC",
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"name": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547",
"refsource": "MISC",
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547"
},
{
"name": "https://openvpn.net/community-downloads/",
"refsource": "MISC",
"url": "https://openvpn.net/community-downloads/"
},
{
"name": "FEDORA-2022-7d46acce7c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/"
},
{
"name": "FEDORA-2022-cb4c1146dc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/"
},
{
"name": "[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2022-0547",
"datePublished": "2022-03-18T18:00:20.000Z",
"dateReserved": "2022-02-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:34:30.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13086 (GCVE-0-2025-13086)
Vulnerability from cvelistv5
Published
2025-12-03 19:54
Modified
2025-12-03 21:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-940 - Improper Verification of Source of a Communication Channel
Summary
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:48:54.419203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:49:07.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.7_rc1",
"status": "affected",
"version": "2.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "CWE-940: Improper Verification of Source of a Communication Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:54:10.737Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-13086"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00151.html"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-13086",
"datePublished": "2025-12-03T19:54:10.737Z",
"dateReserved": "2025-11-12T19:37:55.606Z",
"dateUpdated": "2025-12-03T21:49:07.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13751 (GCVE-0-2025-13751)
Vulnerability from cvelistv5
Published
2025-12-03 16:22
Modified
2025-12-03 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T16:32:17.086600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:32:26.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.7_rc2",
"status": "affected",
"version": "2.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.3,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-775",
"description": "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-841",
"description": "CWE-841: Improper Enforcement of Behavioral Workflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:22:35.771Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-13751"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00154.htmlhttps://"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00153.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-13751",
"datePublished": "2025-12-03T16:22:35.771Z",
"dateReserved": "2025-11-26T16:51:49.203Z",
"dateUpdated": "2025-12-03T16:32:26.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12106 (GCVE-0-2025-12106)
Vulnerability from cvelistv5
Published
2025-12-01 12:43
Modified
2025-12-01 18:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read
Summary
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T18:49:24.604801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T18:50:28.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.7_rc1",
"status": "affected",
"version": "2.7_alpha1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T12:43:02.480Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-12106"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-12106",
"datePublished": "2025-12-01T12:43:02.480Z",
"dateReserved": "2025-10-23T08:47:11.843Z",
"dateUpdated": "2025-12-01T18:50:28.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10680 (GCVE-0-2025-10680)
Vulnerability from cvelistv5
Published
2025-10-24 10:06
Modified
2025-10-25 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T03:56:05.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BSD",
"Linux",
"MacOS",
"POSIX"
],
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.7_beta1",
"status": "affected",
"version": "2.7_alpha1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T10:06:51.056Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-10680"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00149.html"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-10680",
"datePublished": "2025-10-24T10:06:51.056Z",
"dateReserved": "2025-09-18T09:48:38.988Z",
"dateUpdated": "2025-10-25T03:56:05.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2704 (GCVE-0-2025-2704)
Vulnerability from cvelistv5
Published
2025-04-02 21:00
Modified
2025-10-23 10:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-03T00:11:05.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/02/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-2704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T17:20:44.473236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T17:23:59.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.13",
"status": "affected",
"version": "2.6.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T10:53:34.373Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2025-2704"
},
{
"tags": [
"release-notes"
],
"url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00142.html"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-2704",
"datePublished": "2025-04-02T21:00:58.582Z",
"dateReserved": "2025-03-24T10:26:42.493Z",
"dateUpdated": "2025-10-23T10:53:34.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5594 (GCVE-0-2024-5594)
Vulnerability from cvelistv5
Published
2025-01-06 13:52
Modified
2025-11-03 20:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Summary
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T16:56:30.416711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:40:13.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:48:53.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThan": "2.6.11",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T21:00:17.688Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-5594"
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2024-5594",
"datePublished": "2025-01-06T13:52:20.272Z",
"dateReserved": "2024-06-03T08:46:40.371Z",
"dateUpdated": "2025-11-03T20:48:53.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0547 (GCVE-0-2022-0547)
Vulnerability from cvelistv5
Published
2022-03-18 18:00
Modified
2025-11-03 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-305 - - Authentication Bypass by Primary Weakness
Summary
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:34:30.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openvpn.net/community-downloads/"
},
{
"name": "FEDORA-2022-7d46acce7c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/"
},
{
"name": "FEDORA-2022-cb4c1146dc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/"
},
{
"name": "[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:37.639278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:46:01.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenVPN",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "version 2.1 until version 2.4.12 and 2.5.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 - Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T13:06:11.000Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openvpn.net/community-downloads/"
},
{
"name": "FEDORA-2022-7d46acce7c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/"
},
{
"name": "FEDORA-2022-cb4c1146dc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/"
},
{
"name": "[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openvpn.net",
"ID": "CVE-2022-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenVPN",
"version": {
"version_data": [
{
"version_value": "version 2.1 until version 2.4.12 and 2.5.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 - Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements",
"refsource": "MISC",
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"name": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547",
"refsource": "MISC",
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547"
},
{
"name": "https://openvpn.net/community-downloads/",
"refsource": "MISC",
"url": "https://openvpn.net/community-downloads/"
},
{
"name": "FEDORA-2022-7d46acce7c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/"
},
{
"name": "FEDORA-2022-cb4c1146dc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/"
},
{
"name": "[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2022-0547",
"datePublished": "2022-03-18T18:00:20.000Z",
"dateReserved": "2022-02-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:34:30.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}