CVE-2025-50055_CVE-2025-50055

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Description

Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter

Basic Information

ID CVE-2025-50055

Source OpenVPN

Published Oct 27, 2025 at 13:39

Modified Oct 30, 2025 at 18:23

Affected Product

Vendor OpenVPN

Product Access Server

Version 2.14.0

Affected Versions OpenVPN Access Server 2.14.0

CWE Classification

CWE-79

References

openvpn.net /as-docs/as-3-0-release-notes.html

{
    "lastseen": "",
    "description": "Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter",
    "published": "2025-10-27T13:39:43.652Z",
    "modified": "2025-10-30T18:23:58.634Z",
    "type": "cve",
    "title": "CVE-2025-50055",
    "source": "OpenVPN",
    "references": "https://openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-0",
    "id": "CVE-2025-50055",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "OpenVPN Access Server 2.14.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Access Server",
    "version": "2.14.0",
    "vendor": "OpenVPN",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}