CVE-2025-50055: XSS

Q: What is the severity of CVE-2025-50055?

CVE-2025-50055 has a moderate severity due to its potential for cross-site scripting (XSS) attacks.

Q: How do I fix CVE-2025-50055?

To fix CVE-2025-50055, upgrade OpenVPN Access Server to a version later than 2.14.3.

Q: What versions of OpenVPN Access Server are affected by CVE-2025-50055?

CVE-2025-50055 affects OpenVPN Access Server versions 2.14.0 through 2.14.3.

Q: What type of vulnerability is CVE-2025-50055?

CVE-2025-50055 is a cross-site scripting (XSS) vulnerability.

Q: What impact can CVE-2025-50055 have on my system?

CVE-2025-50055 can allow an attacker to inject arbitrary web scripts or HTML into a web application.

Published Oct 27, 2025

Updated

Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter

Affected Software

1 affected component

OpenVPN Access Server>=2.14.0<=2.14.3

Event History

Oct 27, 2025

CVE Published

via MITRE·01:39 PM

Data Sourced

via MITRE·01:39 PM

DescriptionWeakness

Data Sourced

via NVD·02:15 PM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2025-50055?

CVE-2025-50055 has a moderate severity due to its potential for cross-site scripting (XSS) attacks.

How do I fix CVE-2025-50055?

To fix CVE-2025-50055, upgrade OpenVPN Access Server to a version later than 2.14.3.

What versions of OpenVPN Access Server are affected by CVE-2025-50055?

CVE-2025-50055 affects OpenVPN Access Server versions 2.14.0 through 2.14.3.

What type of vulnerability is CVE-2025-50055?

CVE-2025-50055 is a cross-site scripting (XSS) vulnerability.

What impact can CVE-2025-50055 have on my system?