CVE-2025-15497
LOWOpenVPN 2.7_alpha1-2.7_rc5 - Authenticated Denial of Service via Epoch Key Slot Processing
Title source: llmDescription
Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service
References (2)
Core 2
Core References
Various Sources vendor-advisory
https://community.openvpn.net/Security%20Announcements/CVE-2025-15497
Mailing List release-notes
https://www.mail-archive.com/[email protected]/msg00156.html
Scores
CVSS v4
3.8
EPSS
0.0032
EPSS Percentile
23.8%
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-617
Status
published
Products (1)
OpenVPN/OpenVPN
2.7_alpha1 - 2.7_rc5
Published
Jan 30, 2026
Tracked Since
Feb 18, 2026