CVE-2025-13086: High severity OpenVPN OpenVPN vulnerability
Published Dec 3, 2025
·Updated
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client
Affected Software
9 affected components
OpenVPN OpenVPN>=2.6.0<=2.6.15, >=2.7_alpha1<2.7_rc1
OpenVPN OpenVPN>=2.6.0<2.6.16
OpenVPN OpenVPN=2.7-alpha1
OpenVPN OpenVPN=2.7-alpha2
OpenVPN OpenVPN=2.7-alpha3
OpenVPN OpenVPN=2.7-beta1
OpenVPN OpenVPN=2.7-beta2
OpenVPN OpenVPN=2.7-beta3
OpenVPN OpenVPN=2.7-rc1
Event History
Dec 3, 2025
CVE Published
via MITRE·07:54 PM
Data Sourced
via MITRE·07:54 PM
DescriptionWeakness
Data Sourced
via NVD·08:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-13086?
CVE-2025-13086 has a medium severity rating due to its potential to cause denial of service.
2
How do I fix CVE-2025-13086?
To fix CVE-2025-13086, upgrade OpenVPN to version 2.7_rc2 or later.
3
What specific versions of OpenVPN are affected by CVE-2025-13086?
CVE-2025-13086 affects OpenVPN versions from 2.6.0 up to 2.7_rc1.
4
What type of attack does CVE-2025-13086 enable?
CVE-2025-13086 allows an attacker to open a session from a different IP address, leading to a denial of service.
5
Is CVE-2025-13086 related to authentication issues in OpenVPN?
Yes, CVE-2025-13086 is related to improper validation of source IP addresses, affecting session authentication.