PT-2025-14550 · OpenVPN+7

Published: 2025-04-02 · Updated: 2026-04-15 · CVE-2025-2704

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenVPN versions 2.6.1 through 2.6.13

Description

The issue allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase when OpenVPN is used in server mode with TLS-crypt-v2. It is estimated that over 3.2 million services are potentially affected. The vulnerability can be exploited to crash servers.

Recommendations

For OpenVPN versions 2.6.1 through 2.6.13, update to version 2.6.14 to resolve the issue. As a temporary workaround, consider disabling TLS-crypt-v2 (that is, avoid the --tls-crypt-v2 option in the affected versions) until the update is applied. Restrict network access to servers running in the vulnerable mode to minimize the risk of exploitation.
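
The triage check below is an added example, not code from the advisory or from the OpenVPN project. It flags a host as exposed only when all three conditions from the description hold: version in the affected range, server mode, and tls-crypt-v2 enabled. The function names, the sample banners and configs (constructed), and the set of directives treated as "server mode" are assumptions of this example.

```python
import re

# Affected range as stated in the advisory: 2.6.1 through 2.6.13 (fixed in 2.6.14).
AFFECTED_MIN, AFFECTED_MAX = (2, 6, 1), (2, 6, 13)
# Directives this example treats as server mode (assumption; `mode server` is handled below).
SERVER_DIRECTIVES = {"server", "server-bridge"}

# Constructed sample inputs, not taken from a real host.
BANNER_OLD = "OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]"
BANNER_FIXED = "OpenVPN 2.6.14 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]"
CONF_V2 = "port 1194\nproto udp\nserver 10.8.0.0 255.255.255.0\ntls-crypt-v2 /etc/openvpn/tc2-server.key\n"
CONF_WORKAROUND = "port 1194\nmode server\n;tls-crypt-v2 /etc/openvpn/tc2-server.key\ntls-crypt /etc/openvpn/tc.key\n"


def parse_version(banner):
    """Extract (major, minor, patch) from the first line of `openvpn --version`."""
    m = re.search(r"OpenVPN\s+(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None


def directives(config_text):
    """Yield (name, args) for each active config line, dropping '#' and ';' comments."""
    for raw in config_text.splitlines():
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if parts:
            # Tolerate the command-line spelling with leading dashes.
            yield parts[0].lstrip("-"), parts[1:]


def assess(banner, config_text):
    """Return the individual findings plus an overall 'exposed' verdict."""
    version = parse_version(banner)
    names, mode_server = set(), False
    for name, args in directives(config_text):
        names.add(name)
        if name == "mode" and args[:1] == ["server"]:
            mode_server = True
    # The key may be given as a file path or as an inline <tls-crypt-v2> block.
    uses_v2 = "tls-crypt-v2" in names or "<tls-crypt-v2>" in names
    is_server = mode_server or bool(names & SERVER_DIRECTIVES)
    # Caveat: distribution packages can carry a backported fix without changing
    # the upstream version number, so confirm in-range hits against the distro advisory.
    in_range = version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX
    return {"version": version, "in_range": in_range, "server": is_server,
            "tls_crypt_v2": uses_v2, "exposed": in_range and is_server and uses_v2}


if __name__ == "__main__":
    print(assess(BANNER_OLD, CONF_V2))
```
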

Fix · DoS

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

ALT-PU-2025-14195
ALT-PU-2025-14338
BDU:2025-05051
CLEANSTART-2026-DC27717
CLEANSTART-2026-MW52599
CVE-2025-2704
OESA-2025-1396
OESA-2025-1397
OPENSUSE-SU-2025:14979-1
OPENSUSE-SU-2025_1508-1
SUSE-SU-2025:01508-1
SUSE-SU-2025:1508-1
SUSE-SU-2025_01508-1
SUSE-SU-2025_1508-1
USN-7411-1

Affected Products

ALT Linux
Astra Linux
Debian
Linux Mint
OpenVPN
RED OS
SUSE
Ubuntu