OpenVPN Flaw Allows Attackers to Crash Servers and Run Remote Code

Summary: OpenVPN has patched a critical security vulnerability (CVE-2025-2704) in its server software that could allow attackers to crash servers running specific configurations. The newly released version 2.6.14 addresses the issue, and no data leaks or direct remote code execution are possible. OpenVPN clients remain unaffected by this vulnerability, highlighting the importance of proactive security measures.

Affected: OpenVPN servers (versions 2.6.1 to 2.6.13 using the --tls-crypt-v2 configuration)

Key points:

  • Vulnerability allows denial-of-service attacks through malformed packets.
  • Affected versions are between 2.6.1 and 2.6.13 for OpenVPN servers.
  • OpenVPN has released version 2.6.14 to fix the issue and improve security protocols.
  • All OpenVPN clients remain unaffected by the bug.
  • Regular audits of server configurations are recommended for users of advanced features.

Source: https://gbhackers.com/openvpn-flaw/
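
A configuration audit along the lines recommended in the key points, as an added example (not code from OpenVPN or the source article): it flags a host as affected when the `openvpn --version` banner falls in 2.6.1 to 2.6.13 and the configuration is a server using `tls-crypt-v2`. The sample banner and config are constructed, and inferring the server role from the `server`, `server-bridge` or `mode server` directives is an assumption of this example.

```python
import re

# Affected range as stated on this page; 2.6.14 is the fixed release.
FIRST_AFFECTED, LAST_AFFECTED = (2, 6, 1), (2, 6, 13)

# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER = "OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]"
SAMPLE_CONFIG = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
;tls-crypt ta.key
tls-crypt-v2 server-v2.key   # per-client wrapped keys
"""

def parse_version(banner):
    """Return (major, minor, patch) from `openvpn --version` output, or None."""
    m = re.search(r"OpenVPN (\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def active_lines(config_text):
    """Yield token lists for non-comment config lines ('#' and ';' start comments)."""
    for line in config_text.splitlines():
        tokens = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if tokens:
            # Normalise "--opt" (command-line form) and "<opt>" (inline file) to "opt".
            tokens[0] = tokens[0].strip("<>").lstrip("-")
            yield tokens

def audit(banner, config_text):
    """Report whether this version/config pair matches the affected setup."""
    version = parse_version(banner)
    lines = list(active_lines(config_text))
    names = {t[0] for t in lines}
    # Assumption: server role is inferred from these directives.
    is_server = bool(names & {"server", "server-bridge"}) or any(
        t[:2] == ["mode", "server"] for t in lines)
    uses_v2 = "tls-crypt-v2" in names
    in_range = version is not None and FIRST_AFFECTED <= version <= LAST_AFFECTED
    return {"version": version, "server": is_server, "tls_crypt_v2": uses_v2,
            "affected": in_range and is_server and uses_v2}

if __name__ == "__main__":
    print(audit(SAMPLE_BANNER, SAMPLE_CONFIG))
```

Feed `audit()` the real output of `openvpn --version` and the contents of each server configuration file; a result with `affected` set means the host should move to 2.6.14.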
