CVE-2025-50055

Published Oct 27, 2025

Last updated 11 days ago

CVSS medium 6.4
Tunneling protocol

Overview

Description
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter
Source
security@openvpn.net
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.4
Impact score
2.7
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@openvpn.net
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-50055 Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assert… https://t.co/6ftJC9Dj5q

    @CVEnew

    27 Oct 2025

    246 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-50055: SAML Injection in OpenVPN Access Server, high rating❗️ The vulnerability allows an attacker to perform JavaScript injection via SAML relaystate, potentially leading to RCE. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/90v5A8EFnm https://t.co/Tu

    @Netlas_io

    8 Aug 2025

    646 Impressions

    2 Retweets

    11 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.CVE-2026-33824
  2. A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The actual existence of this vulnerability is currently in question. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch. The project maintainer explains: "Signature Malleability is not exploitable in SSH protocol. (...) [A] PoC doesn't exist for SSH implementation, but rather it's against the internal API."CVE-2026-3706
  3. Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership. This issue has been patched in version 1.5.0.CVE-2026-29196
  4. A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the allocation of an insufficiently sized block of memory. An attacker could exploit this vulnerability by sending crafted GCM-encrypted IPsec traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. To exploit this vulnerability, the attacker must have valid credentials to establish a VPN connection with the affected device.CVE-2026-20049
  5. An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic.CVE-2026-1627

References

Sources include official advisories and independent security research.