CVE-2025-13751

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

nteractive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

References

Link	Resource
https://community.openvpn.net/Security%20Announcements/CVE-2025-13751	Vendor Advisory
https://www.mail-archive.com/[email protected]/msg00153.html	Mailing List Release Notes
https://www.mail-archive.com/[email protected]/msg00154.html	Mailing List Release Notes

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:openvpn:openvpn:::::community:::*
	cpe:2.3:a:openvpn:openvpn:2.7:alpha1:::community:::*
	cpe:2.3:a:openvpn:openvpn:2.7:alpha2:::community:::*
	cpe:2.3:a:openvpn:openvpn:2.7:alpha3:::community:::*
	cpe:2.3:a:openvpn:openvpn:2.7:beta1:::community:::*
	cpe:2.3:a:openvpn:openvpn:2.7:beta2:::community:::*
	cpe:2.3:a:openvpn:openvpn:2.7:beta3:::community:::*
	cpe:2.3:a:openvpn:openvpn:2.7:rc1:::community:::*
	cpe:2.3:a:openvpn:openvpn:2.7:rc2:::community:::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

30 Jan 2026, 18:43

Type	Values Removed	Values Added
References	~~() https://community.openvpn.net/Security%20Announcements/CVE-2025-13751 -~~	() https://community.openvpn.net/Security%20Announcements/CVE-2025-13751 - Vendor Advisory
References	~~() https://www.mail-archive.com/[email protected]/msg00153.html -~~	() https://www.mail-archive.com/[email protected]/msg00153.html - Mailing List, Release Notes
References	~~() https://www.mail-archive.com/[email protected]/msg00154.html -~~	() https://www.mail-archive.com/[email protected]/msg00154.html - Mailing List, Release Notes
Summary		(es) El agente de servicio interactivo en OpenVPN desde la versión 2.5.0 hasta la 2.7_rc2 en Windows permite a un usuario local autenticado conectarse al servicio y desencadenar un error, causando una denegación de servicio local.
First Time		Microsoft windows Microsoft Openvpn Openvpn openvpn
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:a:openvpn:openvpn:2.7:beta3:::community:::* cpe:2.3:a:openvpn:openvpn:2.7:rc2:::community:::* cpe:2.3:a:openvpn:openvpn:::::community:::* cpe:2.3:a:openvpn:openvpn:2.7:beta2:::community:::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:openvpn:openvpn:2.7:alpha2:::community:::* cpe:2.3:a:openvpn:openvpn:2.7:beta1:::community:::* cpe:2.3:a:openvpn:openvpn:2.7:rc1:::community:::* cpe:2.3:a:openvpn:openvpn:2.7:alpha3:::community:::* cpe:2.3:a:openvpn:openvpn:2.7:alpha1:::community:::*

12 Dec 2025, 14:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.mail-archive.com/[email protected]/msg00154.htmlhttps://', 'source': '[email protected]'}~~	() https://www.mail-archive.com/[email protected]/msg00154.html -
Summary	~~(en) Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.~~	(en) Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

03 Dec 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-03 17:15

Updated : 2026-01-30 18:43

NVD link : CVE-2025-13751

Mitre link : CVE-2025-13751

CVE.ORG link : CVE-2025-13751

JSON object : View

Products Affected

openvpn

openvpn

microsoft

windows

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-775

Missing Release of File Descriptor or Handle after Effective Lifetime

CWE-841

Improper Enforcement of Behavioral Workflow

5.5 /10