#VU106925 Reachable assertion in OpenVPN Server - CVE-2025-2704

Cybersecurity Help s.r.o.

Published: 2025-04-03

Vulnerability identifier: #VU106925

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-2704

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenVPN Server
Server applications / Remote access servers, VPN

Vendor: OpenVPN

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in server mode using TLS-crypt-v2. A remote attacker can perform a denial of service attack against the VPN server by replaying network packets in the early handshake phase.

Successful exploitation of the vulnerability requires a valid tls-crypt-v2 client key or network observation of a handshake with a valid tls-crypt-v2 client key.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenVPN Server: 2.6.1 - 2.6.13

External links
https://www.openwall.com/lists/oss-security/2025/04/02/5
https://community.openvpn.net/openvpn/wiki/CVE-2025-2704

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 24.03 LTS SP1 update for openvpn

openEuler 24.03 LTS update for openvpn

Ubuntu update for openvpn

Fedora 40 update for openvpn

Fedora 41 update for openvpn

Fedora 42 update for openvpn

Remote denial of service in OpenVPN server