CVE-2025-3908 Information

Description

The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.

Reference

https://community.openvpn.net/Security%20Announcements/CVE-2025-3908