CVE Watchtower ← Back to CVE ListCVE-2025-10680NVDVulnerability SummaryOpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in useSeverity LevelUNKNOWNPublished DateOct 24, 2025Last ModifiedOct 24, 2025Exploitation Status????EPSS Score (30-Day)Data PendingRoot Weakness (CWE)CWE-78: OS Command Injection βThe software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.External Referenceshttps://community.openvpn.net/Security%20Announcements/CVE-2025-10680https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00149.html