CVE-2025-10680

HIGH 8.8

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

CWE	CWE-78
Vendor	openvpn
Product	openvpn
Published	Oct 24, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for openvpn openvpn

Be the first to know when new high vulnerabilities affecting openvpn openvpn are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OpenVPN / OpenVPN

2.7_alpha1 ≤ 2.7_beta1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

community.openvpn.net: https://community.openvpn.net/Security%20Announcements/CVE-2025-10680 mail-archive.com: https://www.mail-archive.com/[email protected]/msg00149.html