Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-10680
CVE-2025-10680
OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use
Published Oct 29, 2025
https://community.openvpn.net/Security%20Announcements/CVE-2025-10680
https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00149.html
CVSS Score
High
8.6
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
rpm
openvpn
2.7_alpha1-1.el10_1
rpm
openvpn
2.7_alpha2-1.el10_1
rpm
openvpn
2.7_alpha3-1.el10_1
rpm
openvpn
2.7_beta1-1.el10_0
rpm
openvpn
2.7_beta1-1.el10_1
rpm
openvpn
2.7_beta1-1.el10_2
rpm
openvpn-debuginfo
2.7_alpha1-1.el10_1
rpm
openvpn-debuginfo
2.7_alpha2-1.el10_1
rpm
openvpn-debuginfo
2.7_alpha3-1.el10_1
rpm
openvpn-debuginfo
2.7_beta1-1.el10_0
rpm
openvpn-debuginfo
2.7_beta1-1.el10_1
rpm
openvpn-debuginfo
2.7_beta1-1.el10_2
rpm
openvpn-debugsource
2.7_alpha1-1.el10_1
rpm
openvpn-debugsource
2.7_alpha2-1.el10_1
rpm
openvpn-debugsource
2.7_alpha3-1.el10_1
rpm
openvpn-debugsource
2.7_beta1-1.el10_0
rpm
openvpn-debugsource
2.7_beta1-1.el10_1
rpm
openvpn-debugsource
2.7_beta1-1.el10_2
rpm
openvpn-devel
2.7_alpha1-1.el10_1
rpm
openvpn-devel
2.7_alpha2-1.el10_1
rpm
openvpn-devel
2.7_alpha3-1.el10_1
rpm
openvpn-devel
2.7_beta1-1.el10_0
rpm
openvpn-devel
2.7_beta1-1.el10_1
rpm
openvpn-devel
2.7_beta1-1.el10_2
1-24 of 24
CVE-2025-10680 | Components Impacted | Sonatype Guide | Sonatype Guide
