OpenVPN.openvpn is vulnerable to Improper Check for Unusual or Exceptional Conditions
24
Low Risk
Affected versions of OpenVPN between 2.6.1 and 2.6.13 are vulnerable to a denial of service when using --tls-crypt-v2. A malicious actor with access to a valid tls-crypt-v2 client key, or with the ability to observe a handshake using such a key, can trigger an ASSERT() failure on the server by sending a crafted combination of authenticated and malformed packets. This causes the server to abort. The vulnerability does not compromise cryptographic integrity, leak data, or allow remote code execution, and it does not affect OpenVPN clients.
You are affected if you are using a version that falls within the vulnerable range.
OpenVPN.openvpn is vulnerable to Improper Check for Unusual or Exceptional Conditions in versions 2.6.1 - 2.6.13.
Upgrade the OpenVPN.openvpn library to the patched version.
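A triage sketch for the conditions above, added here as an example and not taken from the advisory or the OpenVPN project: it flags a host only when the version is in the 2.6.1 - 2.6.13 range, tls-crypt-v2 is configured, and the instance runs as a server. The function names, the sample banner and config, and the way the server role is inferred from config directives are assumptions.

```python
import re

# Affected range as stated in the advisory: 2.6.1 through 2.6.13 inclusive.
AFFECTED_MIN = (2, 6, 1)
AFFECTED_MAX = (2, 6, 13)

def parse_version(banner):
    """Extract (major, minor, patch) from an `openvpn --version` banner line."""
    m = re.search(r"OpenVPN\s+(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no OpenVPN version found in banner")
    return tuple(int(g) for g in m.groups())

def directives(config_text):
    """Yield token lists for each active config line (skips # and ; comments)."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        tokens = line.split()
        tokens[0] = tokens[0].lstrip("-")  # accept command-line style '--opt'
        yield tokens

def triage(banner, config_text):
    """Return 'not-affected', 'client-only' or 'affected-server'."""
    version = parse_version(banner)
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not-affected"
    opts = list(directives(config_text))
    if not any(t[0] == "tls-crypt-v2" for t in opts):
        return "not-affected"
    # Assumption: server role is inferred from 'server', 'server-bridge'
    # or 'mode server' appearing in the config.
    is_server = any(
        t[0] in ("server", "server-bridge") or t[:2] == ["mode", "server"]
        for t in opts
    )
    return "affected-server" if is_server else "client-only"

# Constructed sample inputs (not from a real host).
SAMPLE_BANNER = "OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]"
SAMPLE_SERVER_CONF = """
port 1194
proto udp
server 10.8.0.0 255.255.255.0
; tls-crypt ta.key
tls-crypt-v2 server-tc2.key
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_SERVER_CONF))
```

Options passed on the command line instead of a config file are not visible to this check, so confirm against the running process arguments as well.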