CVE-2025-12106

Published Dec 1, 2025

Last updated 4 months ago

CVSS critical 9.1
Tunneling protocol

Overview

Description
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
Source
security@openvpn.net
NVD status
Analyzed
Products
openvpn

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Severity
CRITICAL

Weaknesses

security@openvpn.net
CWE-126

Social media

Hype score
Not currently trending

  1. OpenVPN released an urgent patch fixing two critical flaws: a Heap Over-read (CVE-2025-12106, CVSS 9.1) and an HMAC bypass (CVE-2025-13086) that allows unauthenticated DoS. Windows 7 support is broken. #OpenVPN #Cybersecurity #HMACBypass #PatchNow https://t.co/zKs5gPsu5X

    @the_yellow_fall

    2 Dec 2025

    933 Impressions

    7 Retweets

    16 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-12106: CRITICAL] Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses#cve,CVE-2025-12106,#cybersecurity https://t.co/6pSx9WDjlG https://t.co/MgpQZrg2fQ

    @CveFindCom

    1 Dec 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.CVE-2026-33824
  2. A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The actual existence of this vulnerability is currently in question. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch. The project maintainer explains: "Signature Malleability is not exploitable in SSH protocol. (...) [A] PoC doesn't exist for SSH implementation, but rather it's against the internal API."CVE-2026-3706
  3. Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership. This issue has been patched in version 1.5.0.CVE-2026-29196
  4. A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the allocation of an insufficiently sized block of memory. An attacker could exploit this vulnerability by sending crafted GCM-encrypted IPsec traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. To exploit this vulnerability, the attacker must have valid credentials to establish a VPN connection with the affected device.CVE-2026-20049
  5. An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic.CVE-2026-1627

References

Sources include official advisories and independent security research.