PT-2025-31889 · Vtun-Ng · Vtun-Ng
Leakingmemory
·
Published
2025-08-05
·
Updated
2025-08-05
·
CVE-2025-54870
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
VTun-ng versions 3.0.17 and below
Description
VTun-ng, a Virtual Tunnel over TCP/IP network, may revert to plaintext due to insufficient error handling when initializing encryption modules. The issue was introduced in version 3.0.12 and is resolved in version 3.0.18.
Recommendations
Update to version 3.0.18 or later.
Avoid using blowfish-256.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vtun-Ng