Vulnerability in Openvpn

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

EPSS: 0.001 (26.3th percentile) — read the EPSS interpretation.

Affected products

Openvpn — versions 2.7_alpha1

Weakness classification (CWE)

CWE-617 — Reachable Assertion

References

community.openvpn.net/Security Announcements/CVE-2025-15497 (vendor-advisory)
www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00156.html (release-notes)