CVE-2025-15497

Summary

Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

Affected Software

VendorProductVersion RangeStatus
OpenVPNOpenVPN2.7_alpha1 <= 2.7_rc5affected

Weaknesses

  • CWE-617: CWE-617: Reachable Assertion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References