What the vulnerability does

01Description

The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.

Key dates

02Disclosure timeline

May 19, 2025 CVE published
May 20, 2025 Record updated

Related vulnerabilities

04Related CVE