How severe is CVE-2025-2704?

CVE-2025-2704 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-2704

Name: openvpn
Author: openvpn

7.5HIGH

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

Published: 4/2/2025Updated: 10/23/2025

Description

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

AI AnalysisPowered by AI

Affected Products

openvpnopenvpn

References

https://community.openvpn.net/openvpn/wiki/CVE-2025-2704
Broken Link
https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00142.html
http://www.openwall.com/lists/oss-security/2025/04/02/5
Mailing List