CVE-2025-10680

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when –dns-updown is in use

More information : https://community.openvpn.net/Security%20Announcements/CVE-2025-10680