alpine · CVE-2025-13086

Quick triage

Priority: not assigned Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2025-13086: 1 source package rows (openvpn); 39 state rows across 6 repos (3.19-main, 3.20-main, 3.21-main, 3.22-main, 3.23-main, edge-main); fixed 8, open 31.

Description:

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

cvelogic Threat Intelligence