CVE-2025-50055

MEDIUM

OpenVPN Access Server <2.14.4 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter

References (1)

Core 1

Scores

CVSS v3 6.4
EPSS 0.0020
EPSS Percentile 10.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
OpenVPN/Access Server 2.14.0 - 2.14.3
Published Oct 27, 2025
Tracked Since Feb 18, 2026