Openvpn: >> Openvpn >> 2.6.13 Security Vulnerabilities
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-03
Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-12-03
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-01
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
CVSS Score
7.5
EPSS Score
0.006
Published
2025-04-02