CVE-2025-2704 - Vulnerability Details

Link	Providers
http://www.openwall.com/lists/oss-security/2025/04/02/5
https://community.openvpn.net/openvpn/wiki/CVE-2025-2704

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/04/02/5

Type	Values Removed	Values Added
Description		OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
Weaknesses		CWE-754
References		https://community.openvpn.net/openvpn/wiki/CVE-2025-2704

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2704", "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "state": "PUBLISHED", "assignerShortName": "OpenVPN", "dateReserved": "2025-03-24T10:26:42.493Z", "datePublished": "2025-04-02T21:00:58.582Z", "dateUpdated": "2025-04-03T00:11:05.289Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN", "dateUpdated": "2025-04-02T21:00:58.582Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "type": "CWE"}]}], "affected": [{"vendor": "OpenVPN", "product": "OpenVPN", "versions": [{"status": "affected", "version": "2.6.1", "lessThanOrEqual": "2.6.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase"}], "references": [{"url": "https://community.openvpn.net/openvpn/wiki/CVE-2025-2704"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/04/02/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-03T00:11:05.289Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2025-2704 (string)

assignerOrgId : 36a55730-e66d-4d39-8ca6-3c3b3017965e (string)

state : PUBLISHED (string)

assignerShortName : OpenVPN (string)

dateReserved : 2025-03-24T10:26:42.493Z (string)

datePublished : 2025-04-02T21:00:58.582Z (string)

dateUpdated : 2025-04-03T00:11:05.289Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 36a55730-e66d-4d39-8ca6-3c3b3017965e (string)

shortName : OpenVPN (string)

dateUpdated : 2025-04-02T21:00:58.582Z (string)

}

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

cweId : CWE-754 (string)

description : CWE-754 Improper Check for Unusual or Exceptional Conditions (string)

type : CWE (string)

}

]

}

]

affected : [ »

0 : { »

vendor : OpenVPN (string)

product : OpenVPN (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.6.1 (string)

lessThanOrEqual : 2.6.13 (string)

versionType : semver (string)

}

]

defaultStatus : unaffected (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase (string)

}

]

references : [ »

0 : { »

url : https://community.openvpn.net/openvpn/wiki/CVE-2025-2704 (string)

}

]

}

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : http://www.openwall.com/lists/oss-security/2025/04/02/5 (string)

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2025-04-03T00:11:05.289Z (string)

}

]

}

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object