CVE-2025-2704

Published Apr 2, 2025

Last updated 25 days ago

CVSS high 7.5
OpenVPN

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-2704 affects OpenVPN versions 2.6.1 through 2.6.13 when running in server mode with TLS-crypt-v2 enabled. This vulnerability allows remote attackers to cause a denial of service. The denial of service is triggered by corrupting and replaying network packets during the early handshake phase. A patch is available to address this vulnerability, and affected organizations should update their OpenVPN installations.

Description
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
Source
security@openvpn.net
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

security@openvpn.net
CWE-754

Social media

Hype score
Not currently trending

  1. 🚨 ¡OpenVPN en riesgo!🔥🤯 La vulnerabilidad CVE-2025-2704 rompe la autenticación y expone tus datos. 🔓 ¿Usas OpenVPN? Este fallo te interesa. 🔗 Lee el análisis técnico exclusivo: https://t.co/7GM4vNHN0c… #hacking #infosec #hackers #CyberSecurity #OSINT #blog https://t.co/enx

    @Ghost_hacker001

    14 Apr 2025

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 ¡OpenVPN en riesgo!🔥🤯 La vulnerabilidad CVE-2025-2704 rompe la autenticación y expone tus datos. 🔓 ¿Usas OpenVPN? Este fallo te interesa. 🔗 Lee el análisis técnico exclusivo: https://t.co/NDw0eMBPd8 #hacking #infosec #hackers #CyberSecurity #OSINT #blog https://t.co/I6Up

    @debugsec1337

    14 Apr 2025

    21 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. OpenVPN 安全漏洞(CVE-2025-2704) OpenVPN 2.6.1版本至2.6.13版本存在安全漏洞,该漏洞源于TLS-crypt-v2模式下早期握手阶段可能被破坏和重放网络数据包,导致拒绝服务。 https://t.co/FyyP1YnRPX

    @chenze654321

    14 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. **🔒 Alerta de Seguridad: OpenVPN (CVE-2025-2704) 🔒** Se ha detectado una vulnerabilidad DoS (Denial of Service) en OpenVPN 2.6.1–2.6.13 (modo servidor) al usar --tls-crypt-v2. Atacantes remotos pueden crashear el servicio, pero no robar datos ni ejecutar código.

    @rickbit19

    13 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. 🔥 OpenVPN Vulnerabilidad (CVE-2025-2704): Crash Servers & Remote Code Execution en +2,700 Fortinet en México https://t.co/OrBf5HprvF

    @tpx_Security

    13 Apr 2025

    182 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ⚡️Vulnerabilidad crítica en OpenVPN⚡️ Una falla de seguridad en Open VPN (CVE-2025-2704) afecta a las versiones 2.6.1 hasta la 2.6.13. Podría causar caídas en tu servidor. ✅¡Actualiza ya a la versión 2.6.14! https://t.co/ABCtPtilPg #OpenVPN #Ciberseguridad #Cloudsdefense

    @Clouds_Defense

    10 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🦹‍♂️⚛️ Villain of the Week ⚛️🦹‍♂️ A high-severity vulnerability, CVE-2025-2704, has been identified in OpenVPN versions 2.6.1 to 2.6.13 when using the --tls-crypt-v2 feature. This flaw allows unauthenticated remote attackers to send specially crafted packets that can crash th

    @vicariusltd

    9 Apr 2025

    44 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. OpenVPNでクリティカルな脆弱性(CVE-2025-2704) –tls-crypt-v2環境でサーバークラッシュのリスク #セキュリティ対策Lab #セキュリティ #Security https://t.co/1nnFbcT38f

    @securityLab_jp

    8 Apr 2025

    52 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨Alert🚨CVE-2025-2704:OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code 📊 3.2M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/bjfitNx2IK 👇Query HUNTER : https://t.co/q9rtuGgxk7="OpenVPN" FOFA : product="OPENVPN"

    @HunterMapping

    7 Apr 2025

    7443 Impressions

    61 Retweets

    151 Likes

    65 Bookmarks

    1 Reply

    0 Quotes

  10. Vulnerabilidad de OpenVPN permite a atacantes bloquear servidores y ejecutar código remoto CVE-2025-2704 https://t.co/VrPfmfc2jx https://t.co/0OyP7mtdC1

    @elhackernet

    6 Apr 2025

    11900 Impressions

    105 Retweets

    241 Likes

    74 Bookmarks

    0 Replies

    1 Quote

  11. 🚨 Critical #OpenVPN vulnerability (CVE-2025-2704) patched! Affects versions 2.6.1–2.6.13 w/ --tls-crypt-v2 enabled. Upgrade to 2.6.14 now to avoid server crashes. Details 👇 #CyberSecurity #InfoSec https://t.co/wjqrR0yA3b

    @threatsbank

    5 Apr 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. ثغرة جديدة على OpenVPN CVE-2025-2704 الاصدارات المصابه من 2.6.1 الى 2.6.13 الثغرة يسبب إستغلالها إلى سقوط بسبب(DoS) إغلاق الثغر إما تحدث للاصدار 2.6.14 او عطل –tls-crypt-v2 https://t.co/Qw0o7CeCO0

    @HereHuss

    5 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. A critical vulnerability (CVE-2025-2704) in OpenVPN servers (2.6.1 - 2.6.13) could allow denial-of-service attacks. Patch 2.6.14 fixes it, ensuring security remains intact. 🛡️ #OpenVPN #ServerSecurity #USA link: https://t.co/96qb56SZjN https://t.co/Co7v7egCxa

    @TweetThreatNews

    4 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🛑 OpenVPN : une faille de sécurité (CVE-2025-2704) a été corrigée dans OpenVPN. Elle peut être utilisée pour provoquer un déni de service sur le serveur VPN. 👉 Plus d'infos sur IT-Connect : https://t.co/YcqakkiycY #OpenVPN #VPN #infosec https://t.co/YcqakkiycY

    @ITConnect_fr

    4 Apr 2025

    563 Impressions

    5 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

References