HTTP Request Smuggling Vulnerability in OpenVPN Access Server
CVE-2025-3110

6.9MEDIUM

Key Information:

Vendor

Openvpn

Vendor
CVE Published:
8 July 2026

What is CVE-2025-3110?

The OpenVPN Access Server versions 2.7.2 to 3.1.0 are vulnerable to an HTTP request smuggling issue. This vulnerability arises when the server accepts bare line-feed sequences in HTTP header values. Attackers leveraging this flaw can potentially manipulate HTTP requests when the server is located behind a reverse proxy, leading to unauthorized actions and data exposure.

Affected Version(s)

Access Server 2.7.2 <= 3.1.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.