CVE-2025-2704

CVE-2025-2704

Name

CVE-2025-2704

Description

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security@openvpn.net	https://community.openvpn.net/openvpn/wiki/CVE-2025-2704
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/04/02/5
security@openvpn.net	https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00142.html

Type

URI

security@openvpn.net

https://community.openvpn.net/openvpn/wiki/CVE-2025-2704

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/04/02/5

security@openvpn.net

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00142.html

CPE URI	Source package	Min version	Max version
	openvpn	>= 2.6.1	<= 2.6.13

CPE URI

Source package

Min version

Max version

openvpn

>= 2.6.1

<= 2.6.13

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openvpn	edge-main	2.6.14-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.6.13-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.12-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.12-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.10-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.9-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.2-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	edge-main	2.6.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.22-main	2.6.14-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.22-main	2.6.11-r0	None	possibly vulnerable
openvpn	3.22-main	2.6.7-r0	None	possibly vulnerable
openvpn	3.21-main	2.6.14-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.21-main	2.6.12-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.21-main	2.6.11-r0	None	possibly vulnerable
openvpn	3.21-main	2.6.7-r0	None	possibly vulnerable
openvpn	3.20-main	2.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.20-main	2.6.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.20-main	2.6.10-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.20-main	2.6.7-r0	None	possibly vulnerable
openvpn	3.19-main	2.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.19-main	2.6.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.19-main	2.6.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openvpn	3.19-main	2.6.7-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

openvpn

edge-main

2.6.14-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

openvpn

edge-main