Unrated severityNVD Advisory· Published May 19, 2025· Updated May 20, 2025
CVE-2025-3908
CVE-2025-3908
Description
The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
Affected products
2- OpenVPN/OpenVPN 3 Linuxv5Range: v20
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.