Vulnerability in OpenVPN
CVE-2025-2704
OpenVPN versions 2.6.1 through 2.6.13, in server mode using TLS-crypt-v2, allow remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase.
EPSS: 0.005 (67.0th percentile)
Affected products
- OpenVPN — versions 2.6.1
Weakness classification (CWE)
References
- community.openvpn.net/openvpn/wiki/CVE-2025-2704 (vendor-advisory)
- www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00142.html (release-notes)