OpenVPN Critical Vulnerability - 20250110002
Overview
Security vulnerabilities within OpenVPN, first identified and patched in June 2024, have recently been publicly disclosed (as of January 2025) as critical in severity. Exploitation of the vulnerabilities allows attackers to inject arbitrary data into third-party executables or plug-ins, allowing them to execute code or cause denial of service.
What is vulnerable?
Product(s) Affected | Version(s) | CVE | CVSS | Severity |
---|---|---|---|---|
OpenVPN | < 2.6.11 | CVE-2024-5594 | 9.1 | Critical |
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):