CVE-2025-12106 — Buffer Over-read in Openvpn

CWE-126 — Buffer Over-read4 documents4 sources

Severity

9.1CRITICALNVD

EPSS

0.1%

top 77.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Debian Openvpn

Timeline

PublishedDec 1

Description

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶CVEListV5openvpn/openvpn2.7_alpha1 — 2.7_rc1

▶debiandebian/openvpn

▶NVDopenvpn/openvpn2.6.13, 2.7+1

🔴Vulnerability Details

GHSA

GHSA-xg3m-85r2-236x: Insufficient argument validation in OpenVPN 2↗2025-12-01

▶

📋Vendor Advisories

Debian

CVE-2025-12106: openvpn - Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-15497 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶