What the vulnerability does

01Description

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic

Key dates

02Disclosure timeline

January 6, 2025 CVE published
January 6, 2025 Record updated