CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.3%

CVSS Severity

CVSS v3 Score 9.1

References

https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html

Products affected by CVE-2025-12106

Openvpn » Openvpn » Version: 2.6.13

cpe:2.3:a:openvpn:openvpn:2.6.13
Openvpn » Openvpn » Version: 2.7

cpe:2.3:a:openvpn:openvpn:2.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-12106

Products

Pricing

Contact Us