A critical security vulnerability in OpenVPN has been discovered that could allow attackers to crash servers, potentially disrupting secure communications for thousands of users worldwide.

The vulnerability, identified as CVE-2025-2704, affects OpenVPN versions 2.6.1 through 2.6.13 when configured with the –tls-crypt-v2 option, a feature commonly used to enhance privacy and prevent deep packet inspection (DPI).