CVE-2025-13751 — Vulnetix

CVE-2025-13751 PUBLISHED CVSS 1.2999999523162842 LOW

Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

EPSS 0.01% · 1.3th percentile

Risk Scores

CVSS v4.0

1.2999999523162842

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear

EPSS Score

0.01%

1.3th percentile

Affected Products

Vendor	Product	Versions
openvpn	openvpn	2.7, 2.7, 2.7
OpenVPN	OpenVPN	2.5.0, *

Timeline

Nov 26, 2025 CVE ID Reserved
Dec 3, 2025 CVE Published
Dec 3, 2025 PoC Published
Dec 4, 2025 EPSS Score
Dec 8, 2025 EPSS Score
Dec 12, 2025 CVE Updated
Dec 13, 2025 EPSS Score
Dec 17, 2025 EPSS Score
Dec 21, 2025 EPSS Score
Dec 26, 2025 EPSS Score
Dec 30, 2025 EPSS Score
Jan 3, 2026 EPSS Score

References

https://community.openvpn.net/Security%20Announcements/CVE-2025-13751 vendor-advisory
https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00154.html url
https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00153.html url
https://nvd.nist.gov/vuln/detail/CVE-2025-13751 advisory
https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00154.htmlhttps: url

Open in Interactive Console →