AI description
CVE-2025-10680 affects OpenVPN versions 2.7_alpha1 through 2.7_beta1 on POSIX-based platforms. A remote, authenticated server can inject shell commands via DNS variables when the `--dns-updown` script option is in use. On Linux and similar systems, the DNS options are written to a temporary file that is then sourced by a script running as root, so a malicious OpenVPN server can use those options for script injection. Later versions of OpenVPN address the vulnerability with proper input sanitization.
- Description: OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use
- Source: security@openvpn.net
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security@openvpn.net: CWE-78
- Hype score: Not currently trending
🚨🚨CVE-2025-10680 (CVSS 8.8): Script-injection RCE in OpenVPN Client Malicious DNS servers can exploit unsanitized --dns and --dhcp-option parameters to inject commands executed on the client. Search by vul.cve Filter👉vul.cve="CVE-2025-10680" ZoomEye Dork👉app="OpenVPN
@zoomeye_team
29 Oct 2025
1197 Impressions
6 Retweets
28 Likes
7 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-10680: High 8.8/10 Script-injection RCE in OpenVPN client (affects 2.7_alpha1 → 2.7_beta1) — malicious VPN servers can push crafted --dns / --dhcp-option to the --dns-updown hook and inject commands on Unix clients (Linux/macOS) 🎯3.3m+ Results are fou
@fofabot
29 Oct 2025
1622 Impressions
10 Retweets
28 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-10680 : High-Severity OpenVPN Flaw Allows Script Injection on Linux/macOS via Malicious DNS Server 📊3.6M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/bjfitNwuTc 👇Query HUNTER : https://t.co/q9rtuGfZuz="OpenVP
@HunterMapping
29 Oct 2025
5405 Impressions
16 Retweets
53 Likes
25 Bookmarks
1 Reply
1 Quote
🚨 CVE-2025-10680: OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use CVSS: 8.8 Published: 2025-10-24 Advisory: https://t.co/hoEpxKMext
@DarkWebInformer
29 Oct 2025
4262 Impressions
4 Retweets
20 Likes
3 Bookmarks
1 Reply
0 Quotes
OpenVPN Flaw CVE-2025-10680 Puts Linux/macOS Users at Risk via DNS - Update Now! Read the full report on - https://t.co/AABA41zOqX https://t.co/EKKofC32N1
@Iambivash007
28 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVD - CVE-2025-10680 https://t.co/vTfEM8NUmr OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use
@pHo9UBenaA
28 Oct 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
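A vulnerability (CVE-2025-10680) has been confirmed in the OpenVPN 2.7 series (2.7_alpha1 through 2.7_beta1) that allows arbitrary commands to be executed through DNS configuration information sent from the server to the client. https://t.co/gTgRHw5WBy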
@t_nihonmatsu
28 Oct 2025
426 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
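A serious vulnerability (CVE-2025-10680, CVSS 8.8) has been discovered in the development version of OpenVPN. 2.7_alpha1 through 2.7_beta1 are affected, and connecting to a malicious VPN server makes arbitrary code execution possible on the client side via script injection…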
@yousukezan
28 Oct 2025
1411 Impressions
2 Retweets
10 Likes
5 Bookmarks
0 Replies
0 Quotes
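A serious vulnerability in OpenVPN (client). CVE-2025-10680 has a CVSS score of 8.8, and connecting to a malicious VPN server leads to remote code execution through script injection. The sanitization of the supplied --dns and --dhcp-option arguments…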
@__kokumoto
28 Oct 2025
778 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-10680 OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in … https://t.co/pVQSAjstCP
@CVEnew
24 Oct 2025
313 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes