CVE-2025-13751: Medium severity OpenVPN OpenVPN vulnerability
Published Dec 3, 2025
·Updated
Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7alpha1 through 2.7rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
Affected Software
11 affected components
OpenVPN OpenVPN>=2.5.0<=2.6.16, >=2.7_alpha1<2.7_rc2
All of the following
Any of the following
OpenVPN OpenVPN>=2.5.0<2.6.17
OpenVPN OpenVPN=2.7-alpha1
OpenVPN OpenVPN=2.7-alpha2
OpenVPN OpenVPN=2.7-alpha3
OpenVPN OpenVPN=2.7-beta1
OpenVPN OpenVPN=2.7-beta2
OpenVPN OpenVPN=2.7-beta3
OpenVPN OpenVPN=2.7-rc1
OpenVPN OpenVPN=2.7-rc2
Microsoft Windows
Event History
Dec 3, 2025
CVE Published
via MITRE·04:22 PM
Data Sourced
via MITRE·04:22 PM
DescriptionWeakness
Data Sourced
via NVD·05:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-13751?
CVE-2025-13751 is classified as a local denial of service vulnerability.
2
How do I fix CVE-2025-13751?
To remediate CVE-2025-13751, upgrade OpenVPN to version 2.7_rc3 or later.
3
Who is affected by CVE-2025-13751?
CVE-2025-13751 affects local authenticated users on Windows systems running OpenVPN version 2.5.0 through 2.7_rc2.
4
What does CVE-2025-13751 do?
CVE-2025-13751 allows a local authenticated user to trigger an error in OpenVPN, resulting in a denial of service.
5
Is there a workaround for CVE-2025-13751?
There are no known workarounds for CVE-2025-13751; upgrading is the recommended action.