CVE-2025-13086
BaseFortify

Publication date: 2025-12-03

Last updated on: 2025-12-12

Assigner: OpenVPN Inc.

Description
Improper validation of source IP addresses in OpenVPN versions 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address, one which did not initiate the connection, resulting in a denial of service for the originating client.
Meta Information
Published: 2025-12-03
Last Modified: 2025-12-12
Generated: 2026-05-07
AI Q&A: 2025-12-03
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 4 associated CPEs

Vendor    Product    Version / Range
openvpn   openvpn    2.7_rc1
openvpn   openvpn    2.6.0
openvpn   openvpn    2.7_alpha1
openvpn   openvpn    2.6.15
CWE
CWE ID: CWE-940
Description: The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in OpenVPN versions 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 involves improper validation of source IP addresses. It allows an attacker to open a session from a different IP address than the one that initiated the connection, which can disrupt the original client's connection.


How can this vulnerability impact me?

The vulnerability can result in a denial of service for the originating client by allowing an attacker to hijack or interfere with the VPN session from a different IP address.

