High severityOSV Advisory· Published Aug 5, 2025· Updated Apr 15, 2026
CVE-2025-54870
CVE-2025-54870
Description
VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround this issue, avoid blowfish-256.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v3.0.12, v3.0.13, v3.0.14, …+ 1 more
- (no CPE)range: v3.0.12, v3.0.13, v3.0.14, …
- (no CPE)range: <=3.0.17
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.