CVE-2025-15497 Insufficient — Exploit & Vulnerability Details LOW

CVE-2025-15497

LOW CVSS 4.0: 3.8 EPSS 0.07%

Parameter	Value
CVSS	3.8 (LOW)
Type	CWE-617
Vendor	Insufficient
Public PoC	No

Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-617

References 2

https://community.openvpn.net/Security%20Announcements/CVE-2025-15497

security@openvpn.net

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00156.ht…

security@openvpn.net

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3466

Insufficient

8.5

Menu

CVE-2025-15497

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-3466

CVE Details

Editor's Choice

Menu

CVE-2025-15497

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-3466

CVE Details

Editor's Choice

Stay informed on cybersecurity