Remote denial of service in OpenVPN server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-2704 |
| CWE-ID | CWE-617 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
OpenVPN Server Server applications / Remote access servers, VPN |
| Vendor | OpenVPN |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Reachable assertion
EUVDB-ID: #VU106925
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-2704
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in server mode using TLS-crypt-v2. A remote attacker can perform a denial of service attack against the VPN server by replaying network packets in the early handshake phase.
Successful exploitation of the vulnerability requires a valid tls-crypt-v2 client key or network observation of a handshake with a valid tls-crypt-v2 client key.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOpenVPN Server: 2.6.1 - 2.6.13
CPE2.3- cpe:2.3:a:openvpn_net:openvpn_server:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:openvpn_net:openvpn_server:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:openvpn_net:openvpn_server:2.6.3:*:*:*:*:*:*:*
https://www.openwall.com/lists/oss-security/2025/04/02/5
https://community.openvpn.net/openvpn/wiki/CVE-2025-2704
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
