What the vulnerability does

01Description

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

Key dates

02Disclosure timeline

April 2, 2025 CVE published
October 23, 2025 Record updated