High severity7.8NVD Advisory· Published Jul 23, 2025· Updated Apr 15, 2026

CVE-2025-8069

Description

During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user starts the AWS Client VPN client installation process, that code could be executed with root-level privileges. This issue does not affect Linux or Mac devices.

We recommend users discontinue any new installations of AWS Client VPN on Windows prior to version 5.2.2.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aws.amazon.com/security/security-bulletins/AWS-2025-014/nvd
docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-windows-release-notes.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000