RCE in Openvpn

CVE-2025-10680

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (43.8th percentile) — read the EPSS interpretation.

Affected products

Openvpn — versions 2.7_alpha1

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

community.openvpn.net/Security Announcements/CVE-2025-10680 (vendor-advisory)
www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00149.html (release-notes)