CVE-2025-13751
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-12
Assigner: OpenVPN Inc.
Description
Description
Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openvpn | openvpn | 2.7_rc2 |
| openvpn | openvpn | 2.5.0 |
| openvpn | openvpn | 2.7_rc1 |
| openvpn | openvpn | 2.6.16 |
| openvpn | openvpn | 2.7_rc3 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-775 | The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed. |
| CWE-841 | The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the interactive service agent of OpenVPN versions 2.5.0 through 2.7_rc2 on Windows. It allows a local authenticated user to connect to the service and trigger an error that causes a local denial of service.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a local authenticated user to cause a denial of service on the affected OpenVPN service, potentially disrupting VPN connectivity and related network services on the Windows system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70