OpenVPN Local Denial-of-Service Vulnerability in Windows Interactive Service

Vulnerability

A denial-of-service vulnerability has been identified in OpenVPN versions 2.5.0 through 2.7_rc2 on Windows. The issue allows a local authenticated user to connect to the interactive service agent and trigger an error that causes a local denial-of-service condition. After the error occurs, OpenVPN connections will fail until the service is restarted or the system is rebooted.

Impact

Exploitation of this vulnerability leads to a local denial-of-service condition, causing OpenVPN connections to fail until the service is manually restarted or the system is rebooted.

Remediation

Users can upgrade to OpenVPN 2.7_rc3, which addresses this vulnerability. The source code and Windows installers are available on the OpenVPN community downloads page. Packages for Debian, Ubuntu, Fedora, RHEL, and openSUSE can be obtained from the official OpenVPN community repositories.
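Added example, not from the advisory or the OpenVPN project: a check that applies the affected range stated above (2.5.0 through 2.7_rc2) to an inventory of Windows hosts, handling the "_rcN" suffix that plain numeric comparison gets wrong. It assumes pre-release tags order as alpha < beta < rc < final release; the host names and versions are constructed, and the range is taken exactly as this page gives it.

```python
import re

# Assumption: pre-release tags sort below the final release of the same
# x.y version, in the order alpha < beta < rc < final ("2.7_rc2" < "2.7.0").
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:_(alpha|beta|rc)(\d+))?$")


def parse_version(text):
    """Turn '2.6.14' or '2.7_rc2' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenVPN version: {text!r}")
    major, minor, patch, stage, stage_num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE[stage], int(stage_num or 0))


# Range as stated on this page; 2.7_rc3 is the release named as fixed.
FIRST_AFFECTED = parse_version("2.5.0")
LAST_AFFECTED = parse_version("2.7_rc2")


def is_affected(version):
    """True if the version lies inside the affected range (inclusive)."""
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED


def triage(inventory):
    """Map each Windows host to 'affected', 'not affected' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            # Unparseable strings need a manual look rather than a silent pass.
            result[host] = "unknown"
    return result


# Constructed inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "win-lab-01": "2.6.14",
    "win-lab-02": "2.7_rc2",
    "win-lab-03": "2.7_rc3",
    "win-lab-04": "2.4.12",
    "win-lab-05": "custom-build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```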

Added: Dec 3, 2025, 5:27 PM
Updated: Dec 3, 2025, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 0.0
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.