CVE-2025-15497
Unknown
Unknown - Not Provided
Assertion Failure DoS in OpenVPN 2.7 Epoch Key Processing
Publication date: 2026-01-30
Last updated on: 2026-01-30
Assigner: OpenVPN Inc.
Description
Description
Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openvpn | openvpn | From 2.7_alpha1 (inc) to 2.7_rc5 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to insufficient processing of epoch key slots in OpenVPN versions 2.7_alpha1 through 2.7_rc5. It allows remote authenticated users to trigger an assertion failure, which results in a denial of service condition.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service, meaning that an attacker who is remotely authenticated can cause the OpenVPN service to crash or become unavailable.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70