CNNVD-202510-3558 Information

CNNVD ID

CNNVD-202510-3558

CVE-2025-50055

  • CNNVD Published: 2025-10-27

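Description (translated from Chinese)

OpenVPN Access Server is a web-based VPN management interface from OpenVPN. OpenVPN Access Server versions 2.14.0 through 2.14.3 contain a security vulnerability caused by improper filtering of the RelayState parameter in the SAML Authentication module, which may lead to cross-site scripting attacks.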

Description (English)

OpenVPN Access Server is a web-based VPN management interface from OpenVPN. OpenVPN Access Server versions 2.14.0 through 2.14.3 contain a vulnerability caused by improper filtering of the RelayState parameter in the SAML Authentication module, which may result in cross-site scripting (XSS).

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

OpenVPN

Published

2025-10-27

Last Modified

2026-02-24

References

https://openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-0

Patch

https://openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-release-notes-and-version-updates
