Openvpn Security Vulnerabilities (CVEs)

Track 23 security vulnerabilities affecting Openvpn products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

5 Critical

14 High

4 Medium

Sort by:

🔔 Get Alerts for Openvpn

CVE-2025-13086 7.5

This vulnerability in OpenVPN allows attackers to hijack VPN sessions by spoofing source IP addresses, causing denial of service for legitimate client...

Dec 3, 2025

CVE-2025-13751 5.5

A local denial-of-service vulnerability in OpenVPN's Windows interactive service agent allows authenticated local users to crash the service by trigge...

Dec 3, 2025

CVE-2025-50054 5.5

A buffer overflow vulnerability in OpenVPN's ovpn-dco-win kernel driver allows local user processes to send oversized control messages, causing system...

Jun 20, 2025

CVE-2025-3908 6.2

This vulnerability allows a local attacker on Linux systems to create symbolic links that trick OpenVPN's configuration initialization tool into chang...

May 19, 2025

CVE-2024-4877 8.8

This vulnerability allows a lower-privileged process on Windows to create a named pipe that the OpenVPN GUI component automatically connects to, enabl...

Apr 3, 2025

CVE-2025-2704 7.5

This vulnerability allows remote attackers to cause a denial of service in OpenVPN servers by corrupting and replaying network packets during the earl...

Apr 2, 2025

CVE-2024-13454 5.3

This vulnerability in Easy-RSA allows a local attacker to more easily brute-force the private CA key when it's created using OpenSSL 3. The weak encry...

Jan 20, 2025

CVE-2024-8474 7.5

OpenVPN Connect versions before 3.5.0 log the configuration profile's private key in clear text within application logs. This allows unauthorized acto...

Jan 6, 2025

CVE-2024-5594 9.1

OpenVPN clients before version 2.6.11 are vulnerable to log injection attacks when connecting to malicious servers. An attacker controlling an OpenVPN...

Jan 6, 2025

CVE-2024-1305 9.8

CVE-2024-1305 is an integer overflow vulnerability in the tap-windows6 driver (version 9.26 and earlier) that allows attackers to overflow memory buff...

Jul 8, 2024

CVE-2024-24974 7.5

CVE-2024-24974 allows remote attackers to interact with the privileged OpenVPN interactive service pipe, potentially enabling unauthorized access or c...

Jul 8, 2024

CVE-2024-27903 9.8

CVE-2024-27903 is a critical vulnerability in OpenVPN on Windows where plug-ins can be loaded from any directory, allowing attackers to execute arbitr...

Jul 8, 2024

CVE-2023-7235 8.4

This vulnerability allows attackers to replace OpenVPN binaries with malicious executables when OpenVPN is installed to a non-standard directory. It a...

Feb 21, 2024

CVE-2023-7245 7.8

This vulnerability allows a local user to execute arbitrary code within the nodejs process context of OpenVPN Connect by exploiting the ELECTRON_RUN_A...

Feb 20, 2024

CVE-2023-7224 7.8

This vulnerability in OpenVPN Connect for macOS allows local users to execute arbitrary code by exploiting the DYLD_INSERT_LIBRARIES environment varia...

Jan 8, 2024

CVE-2023-46850 9.8

CVE-2023-46850 is a use-after-free vulnerability in OpenVPN that can lead to memory corruption, information disclosure, or remote code execution when ...

Nov 11, 2023

CVE-2020-20813 7.5

This vulnerability in OpenVPN allows remote attackers to send crafted reset packets through the control channel, causing a denial of service (DoS) con...

Aug 22, 2023

CVE-2022-33738 7.5

OpenVPN Access Server versions before 2.11 use a weak random generator to create user session tokens for the web portal. This vulnerability allows att...

Jul 6, 2022

CVE-2022-0547 9.8

This vulnerability allows authentication bypass in OpenVPN when using external authentication plugins with deferred authentication replies. Attackers ...

Mar 18, 2022

CVE-2021-3547 7.4

This vulnerability allows a man-in-the-middle attacker to bypass certificate authentication in OpenVPN 3 Core Library by presenting an unrelated serve...

Jul 12, 2021

CVE-2021-3613 7.8

CVE-2021-3613 is a local privilege escalation vulnerability in OpenVPN Connect for Windows that allows local users to load arbitrary dynamic libraries...

Jul 2, 2021

CVE-2020-36382 7.5

CVE-2020-36382 is a denial-of-service vulnerability in OpenVPN Access Server where remote attackers can trigger an assertion failure during user authe...

Jun 4, 2021

CVE-2020-15076 7.8

The Private Tunnel installer for macOS versions 3.0.1 and older contains a symlink vulnerability that allows attackers to corrupt critical system file...

May 26, 2021

Why Monitor Openvpn Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 23+ known vulnerabilities affecting Openvpn products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Openvpn packages in under 60 seconds. No agents required - completely agentless scanning that works across Openvpn deployments.

Free vulnerability database: Access detailed information about every Openvpn CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Openvpn CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Openvpn CVEs Free