VYPR
Unrated severityNVD Advisory· Published May 19, 2025· Updated May 20, 2025

CVE-2025-3908

CVE-2025-3908

Description

The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.

Affected products

2
  • OpenVPN/OpenVPNllm-fuzzy
    Range: >=20, <=24
  • OpenVPN/OpenVPN 3 Linuxv5
    Range: v20

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.