CVE-2025-54870: CWE-636: Not Failing Securely ('Failing Open') in leakingmemory vtun-ng
VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround this issue, avoid blowfish-256.
CVE-2025-54870: CWE-636: Not Failing Securely ('Failing Open') in leakingmemory vtun-ng
Description
VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround this issue, avoid blowfish-256.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-07-31T17:23:33.473Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 689154aead5a09ad00e46803
Added to database: 8/5/2025, 12:47:42 AM
Last updated: 8/5/2025, 12:47:42 AM
Views: 1
Related Threats
CVE-2025-8537: Allocation of Resources in Axiomatic Bento4
MediumCVE-2025-8535: Cross Site Scripting in cronoh NanoVault
MediumCVE-2025-54871: CWE-284: Improper Access Control in steveseguin electroncapture
MediumCVE-2025-54865: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in FTB-Gamepedia Tilesheets
HighCVE-2025-54804: CWE-190: Integer Overflow or Wraparound in Eugeny russh
MediumActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.