Warning: Critical vulnerability in the OpenVPN client and a validation bypass vulnerability in the OpenVPN server, patch immediately!

Published: 02/12/2025
  • Last update: 2/12/2025
  • Affected software:
    → OpenVPN client version 2.7_alpha1 through 2.7_rc1
    → OpenVPN server version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1
  • Type: Denial of service (heap buffer over-read) and validation bypass
    → CWE-126: Buffer Over-read (CVE-2025-12106)
    → Source IP address validation bypass (CVE-2025-13086)
  • CVE/CVSS
    → CVE-2025-12106: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
    → CVE-2025-13086 (due to limited information, no CVSS score has been assigned)

Sources

OpenVPN - https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
OpenVPN - https://community.openvpn.net/Security%20Announcements/CVE-2025-13086

Risks

CVE-2025-12106 can crash the OpenVPN client through a heap buffer over-read, resulting in a denial of service. According to its CVSS vector, the vulnerability has a high impact on the confidentiality and availability of the system, and no impact on integrity.

CVE-2025-13086 is a validation bypass: during connection initialisation, a threat actor can supply information that the server does not validate correctly. Threat actors can exploit it to reach additional resources hosted behind the OpenVPN server, bypassing restrictions or checks that rely on the client's source IP address. CVE-2025-13086 affects the confidentiality, integrity, and availability of the system.

Description

CVE-2025-12106 allows a threat actor to cause a denial of service against the OpenVPN client by triggering a heap buffer over-read when the client parses IP addresses.

CVE-2025-13086 allows a threat actor to bypass source IP address validation on the OpenVPN server: a specific TLS session can be opened such that the server-side session state is associated with a source ("from") IP address that did not initiate the connection.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
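To decide which hosts need the update, the affected ranges above have to be compared with what each host actually runs, including 2.7 pre-releases, where "2.7_rc1" is affected but the later 2.7 release is not. The following is an added example, not code from the CCB or from the OpenVPN project: it parses the first line of `openvpn --version` output (or a bare version string), orders pre-releases correctly, and reports which of the two CVEs apply for a host's role. The host names and version lines in it are constructed sample data.

```python
import re

# Pre-release tags in the order OpenVPN uses them: alpha < beta < rc < final release.
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_RELEASE_RANK = 3  # a final release sorts after every pre-release of the same x.y.z

_VERSION_RE = re.compile(
    r"\b(\d+)\.(\d+)(?:\.(\d+))?(?:_(alpha|beta|rc)(\d+))?\b"
)


def parse_version(text):
    """Return a comparable tuple for an OpenVPN version string.

    Accepts '2.6.15', '2.7_rc1', '2.7_alpha1', or the first line of
    `openvpn --version` (e.g. 'OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] ...').
    Tuple layout: (major, minor, patch, prerelease_rank, prerelease_number).
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenVPN version found in {text!r}")
    major, minor, patch, pre, pre_num = m.groups()
    rank = _PRE_RANK[pre] if pre else _RELEASE_RANK
    return (int(major), int(minor), int(patch or 0), rank, int(pre_num or 0))


# Inclusive affected ranges exactly as published in the advisory above.
AFFECTED = {
    "CVE-2025-12106": {
        "role": "client",
        "ranges": [(parse_version("2.7_alpha1"), parse_version("2.7_rc1"))],
    },
    "CVE-2025-13086": {
        "role": "server",
        "ranges": [
            (parse_version("2.6.0"), parse_version("2.6.15")),
            (parse_version("2.7_alpha1"), parse_version("2.7_rc1")),
        ],
    },
}


def affected_cves(version_text, role):
    """Return the list of CVE identifiers that apply to a host running
    `version_text` in the given role ('client' or 'server')."""
    if role not in ("client", "server"):
        raise ValueError(f"role must be 'client' or 'server', got {role!r}")
    v = parse_version(version_text)
    return [
        cve
        for cve, info in AFFECTED.items()
        if info["role"] == role
        and any(lo <= v <= hi for lo, hi in info["ranges"])
    ]


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts, not real data).
    SAMPLES = [
        ("vpn-gw-01", "server", "OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD] [DCO]"),
        ("vpn-gw-02", "server", "OpenVPN 2.6.16 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD] [DCO]"),
        ("laptop-07", "client", "OpenVPN 2.7_rc1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD] [DCO]"),
        ("laptop-08", "client", "OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD] [DCO]"),
    ]
    for host, role, line in SAMPLES:
        hits = affected_cves(line, role)
        print(f"{host:10} {role:6} {parse_version(line)} -> {', '.join(hits) or 'not affected'}")
```

A host that acts as both client and server (for example a site-to-site gateway) should be checked with both roles; the client-side bug only applies to 2.7 pre-releases, while a 2.6.x server is affected by CVE-2025-13086 even though the same version as a client is not.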

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.