CVE-2025-10680
PUBLISHEDOpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use
Security Metrics
HIGH
CVSS Score:8.8/ 10
Available CVSS Versions:
CVSS v3.1(Primary)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
- Published
- October 24, 2025
- Reserved
- September 18, 2025
- Last Updated
- October 25, 2025
Assigner
- Organization
- OpenVPN
- CNA
- OpenVPN
Problem Types
CWE-78
Affected Products
| Vendor | Product | Version | Status |
|---|---|---|---|
| OpenVPN | OpenVPN | 2.7_alpha1 | affected |