OpenVPN Improper Source IP Validation Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in OpenVPN versions 2.6.0 through 2.7_rc1. The issue arises from improper validation of source IP addresses, which allows an attacker to initiate a session from a different IP address than the one the original client used. This disrupts the connection for the original client.

Impact

Exploitation of this vulnerability allows an attacker to cause a denial-of-service condition for the client that initiated the connection.

Remediation

Users can upgrade to OpenVPN 2.6.16 or 2.7_rc2, both of which include the necessary fix. Instructions for downloading these versions are available on the OpenVPN website and through official package repositories for Debian, Ubuntu, Fedora, RHEL, and openSUSE.
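The advisory gives the affected and fixed versions in prose. The following POSIX shell snippet is an added example, not code from OpenVPN or from this advisory, that turns that statement into a check an administrator can run against the first line of `openvpn --version` output (which begins with "OpenVPN <version>"). The banner line below is constructed sample input. Where the advisory is silent (2.7 alpha/beta pre-releases, a final 2.7.0 release, 2.6 pre-releases older than 2.6.0), the classification is an assumption and is marked as such in the comments.

```sh
#!/bin/sh
# Added example (not OpenVPN project code): classify an OpenVPN version
# against the advisory's range: 2.6.0 through 2.7_rc1 affected,
# fixed in 2.6.16 and 2.7_rc2.

# Extract the version token from the first line of `openvpn --version`
# output, which begins "OpenVPN <version> <platform> ...".
openvpn_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^OpenVPN \([^ ]*\).*/\1/p'
}

# openvpn_affected VERSION -> prints "affected" or "not-affected";
# returns 0 when affected, 1 otherwise.
openvpn_affected() {
    v=$1
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%[._]*}
    case "$major.$minor" in
        2.6)
            case "$rest" in
                6.*) patch=${rest#*.}; patch=${patch%%[^0-9]*} ;;
                # 2.6 pre-releases (2.6_beta1 ...) precede 2.6.0; the advisory
                # starts the range at 2.6.0, so treat them as outside it (assumption).
                6_*) echo not-affected; return 1 ;;
                *)   patch=0 ;;
            esac
            [ -n "$patch" ] || patch=0
            # 2.6.x is affected for x < 16; the fix shipped in 2.6.16.
            if [ "$patch" -lt 16 ]; then echo affected; return 0; fi
            echo not-affected; return 1 ;;
        2.7)
            case "$v" in
                2.7_rc[0-9]*)
                    # rc1 is affected; rc2 and later carry the fix.
                    rc=${v#2.7_rc}; rc=${rc%%[^0-9]*}
                    if [ "$rc" -lt 2 ]; then echo affected; return 0; fi
                    echo not-affected; return 1 ;;
                2.7_*)
                    # alpha/beta pre-releases precede rc1; classified as
                    # affected conservatively (assumption, not stated on the page).
                    echo affected; return 0 ;;
                *)
                    # A final 2.7.x release postdates rc2 (assumption).
                    echo not-affected; return 1 ;;
            esac ;;
        *)
            # Anything outside the 2.6 / 2.7 series is outside the stated range.
            echo not-affected; return 1 ;;
    esac
}

# Constructed sample banner; on a live host use: openvpn --version | head -1
SAMPLE_BANNER='OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]'
installed=$(openvpn_version_from_banner "$SAMPLE_BANNER")
printf 'OpenVPN %s: %s\n' "$installed" "$(openvpn_affected "$installed")"
```

The check only reads the version string; whether the fix is actually present on a given host still depends on the distribution having shipped 2.6.16 / 2.7_rc2 or a backport, so confirm against the package changelog when a vendor backports fixes without bumping the upstream version.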

Added: Dec 3, 2025, 8:25 PM
Updated: Dec 3, 2025, 8:25 PM

Vulnerability Rating

Custom Algorithm (score per category)

spread:         7.6
impact:         0.6
exploitability: 7.6
remediation:    7.7
relevance:      1.3
threat:         0.0
urgency:        2.9
incentive:      5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.