CVE-2025-2704
HIGH
OpenVPN 2.6.1-2.6.13 - Denial of Service via TLS-crypt-v2 Handshake Packet Replay
Title source: llm
Description
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase.
References (3)
Core References
Broken Link vendor-advisory
https://community.openvpn.net/openvpn/wiki/CVE-2025-2704
Mailing List release-notes
https://www.mail-archive.com/[email protected]/msg00142.html
Scores
CVSS v3: 7.5
EPSS: 0.0073
EPSS Percentile: 49.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-754
Status: published
Products (1)
openvpn/openvpn: 2.6.1 - 2.6.13
Published: Apr 02, 2025
Tracked Since: Feb 18, 2026