What the vulnerability does

01Description

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

Key dates

02Disclosure timeline

December 1, 2025 CVE published
December 1, 2025 Record updated