FreeBSD: VID-2cad4541-0f5b-11f0-89f8-411aefea0df9 (CVE-2025-2704): openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Apr 2, 2025 | Apr 4, 2025 | Dec 10, 2025 |
Description
Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message by sending a particular combination of authenticated and malformed packets. To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a handshake with a valid tls-crypt-v2 client key. No crypto integrity is violated, no data is leaked, and no remote code execution is possible. This bug does not affect OpenVPN clients.
Solutions
freebsd-upgrade-package-openvpn
freebsd-upgrade-package-openvpn-devel
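A triage sketch for deciding which hosts need the upgrade (added example, not from the advisory or the OpenVPN project): it flags a host only when the `openvpn --version` banner falls in 2.6.1 through 2.6.13, read here as inclusive, and the configuration is a server that uses tls-crypt-v2. The function names, result labels, server-detection heuristic and sample inputs are assumptions constructed for illustration.

```python
import re

# Affected range from the advisory, read here as inclusive (assumption).
AFFECTED_MIN, AFFECTED_MAX = (2, 6, 1), (2, 6, 13)

def parse_version(banner):
    """Return (major, minor, patch) from an `openvpn --version` banner, or None."""
    m = re.search(r"OpenVPN (\d+)\.(\d+)(?:\.(\d+))?", banner)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def directives(config_text):
    """Yield each config line as a token list, skipping blanks and # or ; comments."""
    for line in config_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield line.split()

def is_server(config_text):
    # Heuristic (assumption): multi-client server mode is set by these directives.
    return any(t[0] in ("server", "server-bridge") or t[:2] == ["mode", "server"]
               for t in directives(config_text))

def uses_tls_crypt_v2(config_text):
    # Key given as a file path or as an inline <tls-crypt-v2> block.
    return any(t[0] in ("tls-crypt-v2", "<tls-crypt-v2>")
               for t in directives(config_text))

def assess(banner, config_text):
    """Classify one host against the advisory's version and configuration conditions."""
    version = parse_version(banner)
    if version is None:
        return "unknown-version"
    if not AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "version-outside-range"
    if not is_server(config_text):
        return "not-a-server-config"   # the advisory says clients are unaffected
    if not uses_tls_crypt_v2(config_text):
        return "server-without-tls-crypt-v2"
    return "affected"

# Constructed sample inputs, not taken from a real host.
SAMPLE_BANNER = "OpenVPN 2.6.12 amd64-portbld-freebsd14.1 [SSL (OpenSSL)] [LZO] [LZ4]"
SAMPLE_SERVER_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
; tls-crypt-v2 old-server.key
tls-crypt-v2 /usr/local/etc/openvpn/server-tc2.key
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_SERVER_CONF))
```

A result of `unknown-version` means the banner did not parse and the host should be checked by hand rather than treated as unaffected.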