Unrated severityNVD Advisory· Published Apr 2, 2025· Updated Oct 23, 2025
CVE-2025-2704
CVE-2025-2704
Description
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords7 versionspkg:rpm/opensuse/openvpn-dco&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/openvpn&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/openvpn&distro=openSUSE%20Tumbleweedpkg:rpm/suse/openvpn-dco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/openvpn-dco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/openvpn&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/openvpn&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
< 2.6.8-150600.3.17.1+ 6 more
- (no CPE)range: < 2.6.8-150600.3.17.1
- (no CPE)range: < 2.6.8-150600.3.17.1
- (no CPE)range: < 2.6.14-1.1
- (no CPE)range: < 2.6.8-150600.3.17.1
- (no CPE)range: < 2.6.8-150600.3.17.1
- (no CPE)range: < 2.6.8-150600.3.17.1
- (no CPE)range: < 2.6.8-150600.3.17.1
Patches
Vulnerability mechanics
References
2- community.openvpn.net/openvpn/wiki/CVE-2025-2704mitrevendor-advisory
- www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00142.htmlmitrerelease-notes
News mentions
0No linked articles in our index yet.