CVE-2025-15497 — Reachable Assertion in Openvpn

CWE-617 — Reachable Assertion5 documents5 sources

Severity

3.8LOWNVD

EPSS

0.1%

top 79.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Debian Openvpn

Timeline

PublishedJan 30

Description

Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages3 packages

▶debiandebian/openvpn< openvpn 2.7.0~rc5-1 (forky)

▶Debianopenvpn/openvpn< 2.7.0~rc5-1

▶CVEListV5openvpn/openvpn2.7_alpha1 — 2.7_rc5

🔴Vulnerability Details

GHSA

GHSA-4vwr-5vph-4mjg: Insufficient epoch key slot processing in OpenVPN 2↗2026-01-30

▶

OSV

CVE-2025-15497: Insufficient epoch key slot processing in OpenVPN 2↗2026-01-30

▶

📋Vendor Advisories

Debian

CVE-2025-15497: openvpn - Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 all...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-15497 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶