GCVE - cpe:2.3:a:openvpn:openvpn:2.7:alpha2:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openvpn:openvpn:2.7:alpha2:*:*:community:*:*:*

part: a version: 2.7 update: alpha2

Vendor	Openvpn (`69250643-f594-58ab-9395-086994cbe5f3`)
Product	Openvpn (`cff78dd9-2909-5405-93d7-f62ace8a52df`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/openvpn`	purl2cpe	2026-06-01 10:12:11.053309
`pkg:deb/ubuntu/openvpn`	purl2cpe	2026-06-01 10:12:11.053311
`pkg:github/openvpn/openvpn`	purl2cpe	2026-06-01 10:12:11.053312

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-13751`	vulnerable	2026-06-03 14:58:53.574247	Details available Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service. Published: 2025-12-03T16:22:35.771Z Updated: 2025-12-12T13:56:20.684Z Open on db.gcve.eu Reference links https://community.openvpn.net/Security%20Announcements/CVE-2025-13751 https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00154.html https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00153.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13086`	vulnerable	2026-06-03 14:58:45.499494	Details available Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client Published: 2025-12-03T19:54:10.737Z Updated: 2025-12-12T13:50:46.678Z Open on db.gcve.eu Reference links https://community.openvpn.net/Security%20Announcements/CVE-2025-13086 https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00151.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-12106`	vulnerable	2026-06-03 14:58:43.808436	Details available Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses Published: 2025-12-01T12:43:02.480Z Updated: 2025-12-01T18:50:28.995Z Open on db.gcve.eu Reference links https://community.openvpn.net/Security%20Announcements/CVE-2025-12106 https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

OpenVPN 2.7 Alpha 2 Community Edition

PURL mappings

Vulnerability references

Contribute