suse · CVE-2025-13086

Quick triage

Priority: high Published: 2025-12-23 00:48:52 UTC Updated: 2026-04-16 14:32:33 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-13086 severity important: SUSE including 16 source package names (2.1.3-5.6:libpcp3-6.2.0-1.1, 2.1.3-5.6:libpcp_import1-6.2.0-1.1, …), 99 product×package rows across 32 product lines (Container suse/sl-micro/6.0/baremetal-os-container, SLES-LTSS-TERADATA 15 SP2, … (32 product lines)): Known Not Affected 59, Fixed 36, First Fixed 4.

Description:

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

cvelogic Threat Intelligence