CVE-2025-2704

HIGH

Openvpn < 2.6.13 - Improper Condition Check

Title source: rule

Description

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

References (3)

[Mailing List] http://www.openwall.com/lists/oss-security/2025/04/02/5

[Broken Link] https://community.openvpn.net/openvpn/wiki/CVE-2025-2704

[Mailing List] https://www.mail-archive.com/[email protected]/msg00142.html

Scores

CVSS v3 7.5

EPSS 0.0069

EPSS Percentile 71.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-754

Status published

Products (1)

openvpn/openvpn 2.6.1 - 2.6.13

Published Apr 02, 2025

Tracked Since Feb 18, 2026