CVE-2025-13751
LOW EPSS 4.7%
Published Dec 3, 20256mo ago · Modified Jun 17, 20261w ago
1.3 CVSS 4.0
Published Dec 3, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago
Description
Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction P
Scope X
Threat Intelligence
EPSS Exploit Probability
4.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 3
CWE-770
CWE-775
CWE-841
Affected Products 10
References 3
- community.openvpn.net https://community.openvpn.net/Security%20Announcements/CVE-2025-13751
- mail-archive.com https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00153.html
- mail-archive.com https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00154.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.