What the vulnerability does

01Description

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges

Key dates

02Disclosure timeline

April 3, 2025 CVE published
April 4, 2025 Record updated