OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A new vulnerability in early versions of OpenVPN<\/a> has been disclosed, potentially allowing malicious servers to execute arbitrary commands on client machines.<\/p>\n The flaw affects OpenVPN releases from 2.7_alpha1 to 2.7_beta1, enabling script-injection attacks on POSIX-based systems such as Linux, macOS, and BSD variants.<\/p>\n The issue stems from inadequate sanitization of the \u2013dns and \u2013dhcp-option arguments. When a client connects to an untrusted VPN service, these parameters are passed unsanitized to the \u2013dns-updown script hook.<\/p>\n This oversight lets attackers embed malicious commands that run with elevated privileges on the client device, risking data theft, malware deployment, or full system compromise. <\/p>\n Security researchers warn that users relying on these beta builds for remote access or secure networking face immediate risks, especially in enterprise or personal setups involving third-party VPN providers.<\/p>\n Designated as CVE-2025-10680<\/a>, the vulnerability has a CVSS score of 8.1 (high severity), highlighting its exploitability over the network without authentication.<\/p>\n It exploits the trust model where clients assume server-pushed DNS configurations are benign. On affected Unix-like systems, the \u2013dns-updown script executes these inputs directly, opening the door to command injection.<\/p>\n Windows users are also impacted if using the built-in PowerShell integration, though the primary exposure remains on Linux and macOS.<\/p>\n Proof-of-concept exploits could involve crafting DNS strings with shell metacharacters, such as backticks or semicolons, to chain additional commands. <\/p>\n The OpenVPN project has confirmed no evidence of widespread exploitation yet, but urges immediate updates.<\/p>\n Responding swiftly, the OpenVPN community released version 2.7_beta2 on October 27, 2025, incorporating critical fixes. <\/p>\n Key among them is enhanced input sanitation for DNS strings, blocking injection attempts<\/a> from trusted-but-malicious servers.<\/p>\n The update also addresses Windows-specific issues, like improved event logging via a new openvpnservmsg.dll, and restores IPv4 broadcast configuration on Linux.<\/p>\n Additional bug fixes include better handling of multi-socket setups on Windows and repairs to DHCP options in TAP mode. Users should download the beta2 build from the official OpenVPN website and test in non-production environments.<\/p>\n For production use, sticking to stable 2.6.x releases remains advisable until 2.7 stabilizes. This incident underscores the importance of validating VPN software betas, particularly in diverse OS ecosystems.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nOpenVPN \u2013 Script Injection Attack<\/strong><\/h2>\n
Patch Released With OpenVPN 2.7_beta2<\/strong><\/h2>\n