CVE-2025-13086

CVE-2025-13086

Name

CVE-2025-13086

Description

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vendor-advisory	https://community.openvpn.net/Security%20Announcements/CVE-2025-13086
release-notes	https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00151.html
release-notes	https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html

Type

URI

vendor-advisory

https://community.openvpn.net/Security%20Announcements/CVE-2025-13086

release-notes

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00151.html

release-notes

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html

Match rules

CPE URI	Source package	Min version	Max version
	openvpn	>= 2.6.0	<= 2.7_rc1
`cpe:2.3:a:openvpn:openvpn:::::community:::*`	openvpn	>= 2.6.0	< 2.6.16
`cpe:2.3:a:openvpn:openvpn:2.7:alpha1:::community:::*`	openvpn	== None	== 2.7

CPE URI

Source package

Min version

Max version

openvpn

>= 2.6.0

<= 2.7_rc1

cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*

openvpn

>= 2.6.0

< 2.6.16

cpe:2.3:a:openvpn:openvpn:2.7:alpha1:*:*:community:*:*:*

openvpn

== None

== 2.7

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openvpn	edge-main	2.6.17-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.6.16-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.6.14-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.13-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.12-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.12-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.10-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.9-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.2-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.23-main	2.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.22-main	2.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.22-main	2.6.14-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.22-main	2.6.11-r0	None	possibly vulnerable
openvpn	3.22-main	2.6.7-r0	None	possibly vulnerable
openvpn	3.21-main	2.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.21-main	2.6.14-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.21-main	2.6.12-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.21-main	2.6.11-r0	None	possibly vulnerable
openvpn	3.21-main	2.6.7-r0	None	possibly vulnerable
openvpn	3.20-main	2.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.20-main	2.6.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.20-main	2.6.10-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.20-main	2.6.7-r0	None	possibly vulnerable
openvpn	3.19-main	2.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.19-main	2.6.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.19-main	2.6.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.19-main	2.6.7-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages