CVE-2025-13751 — Allocation of Resources Without Limits or Throttling in Openvpn

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-775 — Missing Release of File Descriptor or Handle after Effective Lifetime CWE-841 — Improper Enforcement of Behavioral Workflow5 documents5 sources

Severity

1.3LOWNVD

EPSS

0.0%

top 89.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Debian Openvpn

Timeline

PublishedDec 3

Description

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages3 packages

▶NVDopenvpn/openvpn2.5.0 — 2.6.17+1

▶CVEListV5openvpn/openvpn2.5.0 — 2.6.16+1

▶debiandebian/openvpn

🔴Vulnerability Details

GHSA

GHSA-74jr-8vhj-2c3f: Interactive service agent in OpenVPN version 2↗2025-12-03

▶

📋Vendor Advisories

Red Hat

OpenVPN: OpenVPN: Local denial of service vulnerability in interactive service agent↗2025-12-03

▶

Debian

CVE-2025-13751: openvpn - Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-15497 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶