VYPR
High severityOSV Advisory· Published Aug 5, 2025· Updated Apr 15, 2026

CVE-2025-54870

CVE-2025-54870

Description

VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround this issue, avoid blowfish-256.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Leakingmemory/Vtun NgOSV2 versions
    v3.0.12, v3.0.13, v3.0.14, …+ 1 more
    • (no CPE)range: v3.0.12, v3.0.13, v3.0.14, …
    • (no CPE)range: <=3.0.17

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.