CVE-2025-13086

Published: 03 Dec 2025
Source: debian
EPSS: Low

Description

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| openvpn | fixed | 2.7.0~rc2-1 | experimental | package |
| openvpn | fixed | 2.7.0~rc2-2 | | package |
| openvpn | not-affected | | bullseye | package |

Notes

  • https://community.openvpn.net/Security%20Announcements/CVE-2025-13086

  • Introduced with: https://github.com/OpenVPN/openvpn/commit/b364711486dc6371ad2659a5aa190941136f4f04 (v2.6_beta1)

  • Prerequisite: https://github.com/OpenVPN/openvpn/commit/68c01720eecc1772b3f648b9e043e396d943f632 (v2.6.15)

  • Fixed by: https://github.com/OpenVPN/openvpn/commit/18c483dd6031d86eb393527855734e8cd62fea19 (v2.7_rc2)

  • Fixed by: https://github.com/OpenVPN/openvpn/commit/fa6a1824b0f37bff137204156a74ca28cf5b6f83 (v2.6.16)

EPSS

Percentile: 16%
0.00051
Low

Related vulnerabilities

ubuntu
16 days ago

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

nvd
16 days ago

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

github
15 days ago

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

CVSS3: 7.3
fstec
about 1 month ago

A vulnerability in the memcmp() function of the OpenVPN software that allows an attacker to gain unauthorized access to protected information
