CVE-2025-10680

Опубликовано: 24 окт. 2025

Источник: debian

Описание

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openvpn	not-affected			package

Примечания

https://community.openvpn.net/Security%20Announcements/CVE-2025-10680

Связанные уязвимости

CVE-2025-10680

CVSS3: 8.8

ubuntu

около 2 месяцев назад

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

CVE-2025-10680

CVSS3: 8.8

nvd

около 2 месяцев назад

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

GHSA-wfq6-x28p-qgh6

CVSS3: 8.8

github

около 2 месяцев назад

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

BDU:2025-13551

CVSS3: 8.8

fstec

2 месяца назад

Уязвимость компонента --dns-updown программного обеспечения OpenVPN, позволяющая нарушителю выполнить произвольный код