HTTP Request Smuggling Vulnerability in OpenVPN Access Server
CVE-2025-3110
6.9MEDIUM
What is CVE-2025-3110?
The OpenVPN Access Server versions 2.7.2 to 3.1.0 are vulnerable to an HTTP request smuggling issue. This vulnerability arises when the server accepts bare line-feed sequences in HTTP header values. Attackers leveraging this flaw can potentially manipulate HTTP requests when the server is located behind a reverse proxy, leading to unauthorized actions and data exposure.
Affected Version(s)
Access Server 2.7.2 <= 3.1.0