CVE-2025-50054

5.5 MEDIUM

📋 TL;DR

A buffer overflow vulnerability in OpenVPN's ovpn-dco-win kernel driver allows local user processes to send oversized control messages, causing system crashes. This affects OpenVPN installations using the Data Channel Offload driver on Windows systems. Only local authenticated users can trigger this vulnerability.

💻 Affected Systems

Products:
  • OpenVPN with ovpn-dco-win driver
Versions: ovpn-dco-win version 1.3.0 and earlier, version 2.5.8 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows systems using the ovpn-dco-win kernel driver for Data Channel Offload functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local denial of service causing system crashes or kernel panics, potentially leading to service disruption and data loss.

🟠 Likely Case

Local user causes system instability or crashes OpenVPN service, disrupting VPN connectivity.

🟢 If Mitigated

Minimal impact with proper access controls limiting local user privileges.

🌐 Internet-Facing: LOW - Requires local access to the system, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local authenticated users can cause denial of service affecting VPN services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local user access and ability to send control messages to the kernel driver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenVPN 2.7 alpha2 (released June 19, 2025) includes fixes

Vendor Advisory: https://community.openvpn.net/Security%20Announcements/CVE-2025-50054

Restart Required: Yes

Instructions:

1. Download OpenVPN 2.7 alpha2 or later from OpenVPN community downloads.
2. Install the updated version.
3. Restart the OpenVPN service or reboot the system.

🔧 Temporary Workarounds

Disable ovpn-dco-win driver

Platform: Windows

Temporarily disable the vulnerable Data Channel Offload driver

netsh interface set interface "OpenVPN Data Channel Offload" admin=disabled

Restrict local user privileges

Platform: Windows

Limit which local users can interact with OpenVPN services

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges on affected systems
  • Monitor for system crashes or OpenVPN service disruptions and implement compensating network controls

🔍 How to Verify

Check if Vulnerable:

Check OpenVPN version and ovpn-dco-win driver version. Vulnerable if using ovpn-dco-win <=1.3.0 or <=2.5.8.

Check Version:

openvpn --version

Verify Fix Applied:

Verify OpenVPN version is 2.7 alpha2 or later and ovpn-dco-win driver is updated.

📡 Detection & Monitoring

Log Indicators:

  • System crash logs
  • OpenVPN service failure events
  • Kernel panic events in Windows Event Viewer

Network Indicators:

  • Sudden VPN connection drops
  • Unusual local process interactions with OpenVPN

SIEM Query:

EventID=1001 OR EventID=41 OR Source="OpenVPN" AND (EventID=6008 OR EventID=6009)
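
The query above mixes AND and OR without parentheses, so what it matches depends on the operator precedence of the engine that evaluates it. The following added example (not part of the original advisory; the CSV layout, host names and sample events are constructed) applies both readings to the same events and counts hits per host.

```python
import csv
import io
from collections import Counter

# Constructed sample export (not real logs): time, host, source, event id.
SAMPLE = """\
2025-06-20T09:14:02,WS-014,Microsoft-Windows-Kernel-Power,41
2025-06-20T09:14:05,WS-014,BugCheck,1001
2025-06-20T09:14:06,WS-014,EventLog,6008
2025-06-20T10:02:40,WS-014,Microsoft-Windows-Kernel-Power,41
2025-06-20T11:30:00,WS-022,OpenVPN,6008
2025-06-20T11:31:10,WS-031,Service Control Manager,7036
"""

def parse(text):
    """Parse the CSV export into dicts with an integer EventID."""
    rows = csv.reader(io.StringIO(text))
    return [{"Time": t, "Host": h, "Source": s, "EventID": int(e)}
            for t, h, s, e in rows]

def and_first(ev):
    """Reading 1: A OR B OR (C AND (D OR E)), AND evaluated before OR."""
    return (ev["EventID"] in (1001, 41)
            or (ev["Source"] == "OpenVPN" and ev["EventID"] in (6008, 6009)))

def or_first(ev):
    """Reading 2: (A OR B OR C) AND (D OR E), OR evaluated before AND."""
    return ((ev["EventID"] in (1001, 41) or ev["Source"] == "OpenVPN")
            and ev["EventID"] in (6008, 6009))

def hits_per_host(events, predicate):
    """Count events per host that satisfy the given reading of the query."""
    return Counter(ev["Host"] for ev in events if predicate(ev))

if __name__ == "__main__":
    events = parse(SAMPLE)
    print("AND first:", dict(hits_per_host(events, and_first)))
    print("OR first: ", dict(hits_per_host(events, or_first)))
```

On this sample the AND-first reading flags WS-014 three times and WS-022 once, while the OR-first reading returns only WS-022 and drops every crash event, so add explicit parentheses for the SIEM in use.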
