CVE-2025-3908

The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
OpenVPNCNA
---
---
CISA-ADPADP
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openvpn3-client
plucky
needs-triage
oracular
dne
noble
dne
jammy
dne
focal
dne
Common Weakness Enumeration
References
https://community.openvpn.net/Security%20Announcements/CVE-2025-3908
http://www.openwall.com/lists/oss-security/2025/05/20/2