CVE-2025-2704

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-2704
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2704.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-2704
Downstream
Related
Published
2025-04-02T21:15:32.943Z
Modified
2026-03-23T05:00:06.404307994Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

References

Affected packages

Git / github.com/openvpn/openvpn

Affected ranges

Type
GIT
Repo
https://github.com/openvpn/openvpn
Events
Introduced
2c2a98a0e559928c2523bf32fbf4c8beaa160b12
Last affected
5662b3a8eb9e5744602a6da8cf3847455a0ba74f
Database specific 
{
    "versions": [
        {
            "introduced": "2.6.1"
        },
        {
            "last_affected": "2.6.13"
        }
    ]
}

Affected versions

v2.*
v2.6.1
v2.6.10
v2.6.11
v2.6.12
v2.6.13
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2704.json"