CVE-2025-13086NVD

Vulnerability Summary

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

Severity Level

MEDIUM(4.6)

Published Date

Dec 3, 2025

Last Modified

Dec 3, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-940: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredNone

User InteractionNone

External References

https://community.openvpn.net/Security%20Announcements/CVE-2025-13086
https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00151.html
https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-13086NVD

Vulnerability Summary

External References