Improper IP Address Validation in OpenVPN by OpenVPN Technologies
CVE-2025-13086

4.6MEDIUM

Key Information:

Vendor

Openvpn
Status
Openvpn
Vendor
CVE Published:
3 December 2025

What is CVE-2025-13086?

An improper validation of source IP addresses in OpenVPN versions 2.6.0 through 2.7_rc1 allows attackers to establish connections using arbitrary IP addresses. This flaw can result in a denial of service for original clients, potentially disrupting communication and access to resources. Mitigating this vulnerability is essential to maintain network integrity and security.

Affected Version(s)

OpenVPN 2.6.0 <= 2.7_rc1

References

https://community.openvpn.net/Security%20Announcements/CV...
vendor-advisory
https://www.mail-archive.com/[email protected]...
release-notes
https://www.mail-archive.com/[email protected]...
release-notes

CVSS V4

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.