CVE-2025-15497: Low severity OpenVPN OpenVPN vulnerability

Q: What is the severity of CVE-2025-15497?

CVE-2025-15497 is categorized as a denial of service vulnerability.

Q: How do I fix CVE-2025-15497?

To fix CVE-2025-15497, upgrade OpenVPN to a version later than 2.7_rc5.

Q: Who is affected by CVE-2025-15497?

Remote authenticated users of OpenVPN versions 2.7_alpha1 through 2.7_rc5 are affected by CVE-2025-15497.

Q: What does CVE-2025-15497 allow attackers to do?

CVE-2025-15497 allows attackers to trigger an assert that results in a denial of service.

Q: Is CVE-2025-15497 present in stable releases of OpenVPN?

CVE-2025-15497 is present in the alpha and release candidate versions of OpenVPN and not in stable releases.

Published Jan 30, 2026

Updated

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

Affected Software

1 affected component

OpenVPN OpenVPN>=2.7_alpha1<=2.7_rc5

Event History

Jan 30, 2026

CVE Published

via MITRE·06:06 PM

Data Sourced

via MITRE·06:06 PM

DescriptionWeakness

Data Sourced

via NVD·06:15 PM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2025-15497?

CVE-2025-15497 is categorized as a denial of service vulnerability.

How do I fix CVE-2025-15497?

To fix CVE-2025-15497, upgrade OpenVPN to a version later than 2.7_rc5.

Who is affected by CVE-2025-15497?

Remote authenticated users of OpenVPN versions 2.7_alpha1 through 2.7_rc5 are affected by CVE-2025-15497.

What does CVE-2025-15497 allow attackers to do?

CVE-2025-15497 allows attackers to trigger an assert that results in a denial of service.

Is CVE-2025-15497 present in stable releases of OpenVPN?