SUSE-SU-2026:20196-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...

Linux Distros Unpatched Vulnerability : CVE-2025-15497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - openvpn - None CVE-2025-15497 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, In...

CVE-2025-13751 vulnerabilities

Vulnerabilities for packages: openvpn...

GHSA-74JR-8VHJ-2C3F vulnerabilities

Vulnerabilities for packages: openvpn...

CVE-2025-13751 vulnerabilities

Vulnerabilities for packages: openvpn...

GHSA-74JR-8VHJ-2C3F vulnerabilities

Vulnerabilities for packages: openvpn...

Astra Linux – Vulnerability in OpenVPN

Improper validation of source IP addresses in OpenVPN versions 2.6.0 through 2.6.15, and 2.7alpha1 through 2.7rc1, allows an attacker to open a session from a different IP address that did not initiate the connection. This results in a denial of service for the originating client...

CVE-2018-10204

PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This fi...

CVE-2018-10169

ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...

CVE-2021-31604

furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client...

CVE-2021-31606

furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients...

CVE-2021-31605

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM...

CVE-2020-7224

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load...

CVE-2025-23384

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2.1, SCALANCE M812-1 ADSL-Router family All versions V8.2.1, SCALANCE M816...

CVE-2024-39798

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

ROS-20251226-7304

Vulnerability in openvpn due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVE-2025-13086

A flaw was found in OpenVPN. This vulnerability allows a denial of service DoS for the originating client via improper validation of source Internet Protocol IP addresses, allowing an attacker to open a session from a different IP address which did not initiate the connection. Mitigation Mitigati...

PT-2025-51091

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R version 9.1.0cu.2089 B20211224 Description A flaw exists in TOTOLINK X5000R that allows for operating system command injection. This occurs due to the manipulation of the User argument within the snprintf function located in th...

CVE-2025-13751

A flaw was found in OpenVPN. This vulnerability allows a local denial of service via a local authenticated user connecting to the interactive service agent on Windows and triggering an error. Mitigation Mitigation for this issue is either not available or the currently available options do not me...

Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2025-1312)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1312 advisory. HMAC verification check: fix incorrect memcmp call NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-13086 CVE-2025-13086 Tenable has extracted the preceding description block...