OpenVPN 2.7 Alpha to RC5 DoS via Epoch Key Slot Assertion
CVE-2025-15497 Published on January 30, 2026
Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service
Weakness Type
What is an assertion failure Vulnerability?
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CVE-2025-15497 has been classified to as an assertion failure vulnerability or weakness.
Products Associated with CVE-2025-15497
Want to know whenever a new CVE is published for OpenVPN? stack.watch will email you.
Affected Versions
OpenVPN:- Version 2.7_alpha1, <= 2.7_rc5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.