PT-2025-21991 · Openvpn · Openvpn 3 Linux
Wolfgang Frisch · Published 2025-05-19 · Updated 2025-06-12 · CVE-2025-3908
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
OpenVPN 3 Linux versions 20 through 24
Description:
The configuration initialization tool in OpenVPN 3 Linux allows a local attacker to use symlinks pointing at an arbitrary directory, which causes the tool to change the ownership and permissions of that destination directory.
Recommendations:
Until a patch is available, consider restricting the use of the configuration initialization tool on OpenVPN 3 Linux versions 20 through 24, so that local attackers cannot exploit symlinks to alter directory permissions.
Fix
LPE
Link Following
Affected Products
Openvpn 3 Linux