
[CIVN-2025-0348] Multiple vulnerabilities in OpenVPN
Multiple vulnerabilities in OpenVPN
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
OpenVPN version 2.7_alpha1 through 2.7_rc1
OpenVPN version 2.6.0 through 2.6.15
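To check an installed version against the two ranges listed above, the following is an added example, not part of the CERT-In advisory or of OpenVPN's own code. It assumes pre-release tags order as alpha, beta, rc and then the final release, and that the first line of `openvpn --version` begins with `OpenVPN <version>`; the sample banner is constructed.

```python
import re

# Affected ranges exactly as listed in the advisory (inclusive at both ends).
AFFECTED_RANGES = [("2.6.0", "2.6.15"), ("2.7_alpha1", "2.7_rc1")]

# Assumption: pre-release stages sort before the final release of a version.
_STAGE_ORDER = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:_(alpha|beta|rc)(\d+))?$")


def parse_version(text):
    """Turn '2.6.15' or '2.7_rc1' into a tuple that sorts in release order."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised OpenVPN version: {text!r}")
    major, minor, patch, stage, number = match.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE_ORDER[stage], int(number or 0))


def is_affected(version):
    """True if the version falls inside any range named in the advisory."""
    parsed = parse_version(version)
    return any(parse_version(low) <= parsed <= parse_version(high)
               for low, high in AFFECTED_RANGES)


def version_from_banner(banner):
    """Extract the version token from the first line of `openvpn --version`."""
    match = re.match(r"OpenVPN (\S+)", banner)
    if not match:
        raise ValueError("banner does not start with 'OpenVPN <version>'")
    return match.group(1)


if __name__ == "__main__":
    # Constructed sample banner, not captured from a real host.
    sample = "OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4]"
    found = version_from_banner(sample)
    print(found, "affected" if is_affected(found) else "not in listed ranges")
```

A version outside the listed ranges is only "not listed here"; confirm the fixed release against the vendor advisories linked under Solution.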
Overview
Multiple vulnerabilities have been reported in OpenVPN, which could be exploited by an attacker to cause denial-of-service (DoS) and information disclosure.
Target Audience:
All end-user organizations and individuals using affected OpenVPN versions.
Risk Assessment:
High risk of service disruption.
Impact Assessment:
Potential for denial-of-service (DoS).
Description
OpenVPN provides a VPN solution that ensures encrypted, reliable connectivity for organizations across diverse network environments.
Multiple vulnerabilities exist in OpenVPN due to insufficient argument validation during IPv6 address parsing and an incorrectly implemented memcmp() function call in HMAC verification in affected versions.
Successful exploitation of these vulnerabilities could allow an attacker to cause denial-of-service (DoS) and information disclosure.
Solution
Apply appropriate fixes as mentioned in the OpenVPN Security Advisory:
https://community.openvpn.net/Security%20Announcements/
https://openvpn.net/security-advisories/
Vendor Information
https://openvpn.net/security-advisories/
CVE Name
CVE-2025-12106
CVE-2025-13086
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


