Buffer Overflow Vulnerability in OpenVPN Client Software
CVE-2025-50054

Currently unrated

Key Information:

Vendor: Openvpn
Status: Ovpn-dco-win
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-50054?

A buffer overflow vulnerability has been identified in the OpenVPN ovpn-dco-win versions prior to 1.3.0 and 2.5.8. This flaw enables a local user process to transmit an excessively large control message buffer to the kernel driver, which may result in unexpected behavior and potentially crash the system.

Affected Version(s)

ovpn-dco-win Windows 0 < 1.3.1

ovpn-dco-win Windows 0 < 2.5.9

References

https://community.openvpn.net/Security%20Announcements/CV...

https://community.openvpn.net/Downloads#openvpn-27_alpha2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
Jun 11, 2025

Openvpn

What is CVE-2025-50054?

Affected Version(s)

References

Timeline