{"id":"CVE-2025-54870","summary":"VTun-ng's failure to initialize encryption modules may cause reversion to plaintext","details":"VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround this issue, avoid blowfish-256.","aliases":["GHSA-m3jc-27c6-2wrf"],"modified":"2026-04-02T12:54:07.637165Z","published":"2025-08-05T00:02:38.457Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54870.json","cwe_ids":["CWE-636"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54870.json"},{"type":"ADVISORY","url":"https://github.com/leakingmemory/vtun-ng/security/advisories/GHSA-m3jc-27c6-2wrf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54870"},{"type":"FIX","url":"https://github.com/leakingmemory/vtun-ng/commit/8c63982b6c487c52db1d56ab94c266f0bc857140"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/leakingmemory/vtun-ng","events":[{"introduced":"579288cc2cd1e6c87f1d65bb8d4b37f8220b3619"},{"fixed":"8c63982b6c487c52db1d56ab94c266f0bc857140"}]}],"versions":["v3.0.12","v3.0.13","v3.0.14","v3.0.15","v3.0.16","v3.0.17"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54870.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}