Vendor
OpenVPN
Products
2
CVEs
29
Across products
700
Status
Private
Products
2- 674 CVEs
- 26 CVEs
Recent CVEs
29| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7478 | Hig | 0.52 | 7.5 | 0.05 | May 15, 2017 | OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | |
| CVE-2017-7508 | Hig | 0.49 | 7.5 | 0.00 | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | |
| CVE-2017-7520 | Hig | 0.48 | 7.4 | 0.00 | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. | |
| CVE-2017-7522 | Med | 0.42 | 6.5 | 0.01 | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | |
| CVE-2017-7479 | Med | 0.42 | 6.5 | 0.00 | May 15, 2017 | OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | |
| CVE-2017-5868 | Med | 0.40 | 6.1 | 0.08 | May 26, 2017 | CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/. | |
| CVE-2017-7521 | Med | 0.38 | 5.9 | 0.01 | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). | |
| CVE-2014-5455 | 0.03 | — | 0.00 | Aug 25, 2014 | Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. | ||
| CVE-2025-13086 | 0.00 | — | 0.00 | Dec 3, 2025 | Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client | ||
| CVE-2025-13751 | 0.00 | — | 0.00 | Dec 3, 2025 | Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service. | ||
| CVE-2025-12106 | 0.00 | — | 0.00 | Dec 1, 2025 | Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses | ||
| CVE-2024-4877 | 0.00 | — | 0.00 | Apr 3, 2025 | OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges | ||
| CVE-2025-2704 | 0.00 | — | 0.01 | Apr 2, 2025 | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase | ||
| CVE-2024-5594 | 0.00 | — | 0.00 | Jan 6, 2025 | OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. | ||
| CVE-2024-28882 | 0.00 | — | 0.00 | Jul 8, 2024 | OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session | ||
| CVE-2023-7235 | 0.00 | — | 0.00 | Feb 21, 2024 | The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables. | ||
| CVE-2014-8104 | 0.00 | — | 0.02 | Dec 3, 2014 | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | ||
| CVE-2014-9104 | 0.00 | — | 0.00 | Nov 26, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests. | ||
| CVE-2013-2692 | 0.00 | — | 0.00 | May 13, 2014 | Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users. | ||
| CVE-2013-2061 | 0.00 | — | 0.01 | Nov 18, 2013 | The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. |