Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
References
| Link | Resource |
|---|---|
| https://community.openvpn.net/Security%20Announcements/CVE-2025-12106 | Vendor Advisory |
| https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html | Mailing List |
Configurations
Configuration 1 (hide)
|
History
30 Dec 2025, 14:52
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Openvpn openvpn
Openvpn |
|
| References | () https://community.openvpn.net/Security%20Announcements/CVE-2025-12106 - Vendor Advisory | |
| References | () https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html - Mailing List | |
| CPE | cpe:2.3:a:openvpn:openvpn:2.7:alpha3:*:*:community:*:*:* cpe:2.3:a:openvpn:openvpn:2.7:alpha1:*:*:community:*:*:* cpe:2.3:a:openvpn:openvpn:2.7:beta2:*:*:community:*:*:* cpe:2.3:a:openvpn:openvpn:2.7:beta1:*:*:community:*:*:* cpe:2.3:a:openvpn:openvpn:2.7:beta3:*:*:community:*:*:* cpe:2.3:a:openvpn:openvpn:2.7:alpha2:*:*:community:*:*:* cpe:2.3:a:openvpn:openvpn:2.7:rc1:*:*:community:*:*:* cpe:2.3:a:openvpn:openvpn:2.6.13:*:*:*:community:*:*:* |
01 Dec 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
01 Dec 2025, 13:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-01 13:16
Updated : 2025-12-30 14:52
NVD link : CVE-2025-12106
Mitre link : CVE-2025-12106
CVE.ORG link : CVE-2025-12106
JSON object : View
Products Affected
openvpn
- openvpn
CWE
CWE-126
Buffer Over-read