CVE-2025-13086 MEDIUM

Vendor OpenVPN
Product OpenVPN
Weakness CWE-940
Published December 3, 2025
Last update December 12, 2025

CVSS base score

4.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01 Description

Improper validation of source IP addresses in OpenVPN versions 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address, one that did not initiate the connection, resulting in a denial of service for the originating client.

Key dates

02 Disclosure timeline

December 3, 2025 CVE published
December 12, 2025 Record updated