Vulnerability in Openvpn
CVE-2025-12106
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
EPSS: 0.001 (24.3th percentile) — read the EPSS interpretation.
Affected products
- Openvpn — versions 2.7_alpha1
Weakness classification (CWE)
References
- community.openvpn.net/Security Announcements/CVE-2025-12106 (vendor-advisory)
- www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html (release-notes)