CVE-2025-12106
BaseFortify
Publication date: 2025-12-01
Last updated on: 2025-12-01
Assigner: OpenVPN Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openvpn | openvpn | 2.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap buffer over-read in OpenVPN versions 2.7_alpha1 through 2.7_rc1. It occurs due to insufficient argument validation when parsing IP addresses, specifically IPv6 addresses, allowing an attacker to trigger the over-read by providing invalid input. [1]
How can this vulnerability impact me? :
The vulnerability can lead to a heap buffer over-read, which may cause the OpenVPN process to crash or behave unpredictably. This could potentially be exploited by an attacker to cause denial of service or to leak sensitive memory contents, impacting the security and stability of the VPN service. [1]
What immediate steps should I take to mitigate this vulnerability?
Upgrade OpenVPN to version 2.7_rc2 or later, as this release includes a fix for CVE-2025-12106 that addresses the heap buffer over-read vulnerability in IP address parsing. Additionally, review and apply any related security updates provided in this release to ensure comprehensive protection. [1]