Ref# ADV2025_400 | Date: Dec 4th 2025

---

OpenVPN published a security advisory highlighting vulnerabilities in the following product on November 18th, 2025. It is recommended that you take these necessary precautions by ensuring your products are always updated. 

• OpenVPN – versions 2.7_alpha1 to 2.7_rc1 

For more information on this update, you can follow this URL: 

https://community.openvpn.net/Security%20Announcements/CVE-2025-12106?__cf_chl_tk=J1MRbAVCZhaMK3Aoln1vjk1sqH_hJ9wlvLGKVrf_q78-1764785883-1.0.1.1-Rca56sirj._W.6JZob3Im.oo2zz2UpcnlwuCVmjitdU#cve-2025-12106-ipv6-address-parsing-fix-buffer-overread-on-invalid-input 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: OpenVPN Security Advisory

References

• Security Announcement. (November 18th, 2025). Retrieved from OpenVPN community wiki. https://community.openvpn.net/Security%20Announcements 
• OpenVPN security advisory (December 2nd, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/openvpn-security-advisory-av25-798