CVE-2025-50054

Description

Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

OpenVPN / ovpn-dco-win0 – 1.3.1
OpenVPN / ovpn-dco-win0 – 2.5.9

References

MISChttps://community.openvpn.net/Security%20Announcements/CVE-2025-50054
MISChttps://community.openvpn.net/Downloads#openvpn-27_alpha2-released-19-june-2025