OpenVPN Flaw Lets DNS Hack Linux, macOS Devices
Security researchers have identified a high-severity vulnerability in OpenVPN, tracked as CVE-2025-10680, that affects versions 2.7_alpha1 through 2.7_beta1. The OpenVPN flaw lets DNS servers controlled by attackers inject malicious scripts into Linux and macOS systems. If exploited, the flaw could allow unauthorized code execution during VPN connection setup.
The vulnerability carries a CVSS score of 8.8, placing it in the high-risk category. Researchers found that a compromised DNS server could exploit the issue during the OpenVPN initialization process. This creates an attack vector where users unknowingly execute harmful scripts, potentially exposing sensitive data or system integrity.
Although the flaw impacts only development versions of OpenVPN, organizations using these builds remain at risk. The OpenVPN flaw lets DNS responses manipulate system behavior in ways not anticipated by default configurations. Users running affected versions should upgrade immediately or apply recommended mitigations.
Read the full report for technical details and mitigation steps: