[SOLVED] NOOB - Is This something I should worry about ?

Started by Jensen, November 19, 2025, 02:21:41 PM

Hi,

Hope I have put this question in the correct place - Apologies if I have not !

I have just installed OPNsense for the first time and I have updated to OPNsense 25.7.7_4

I then went to Status > Run an Audit > Security , and got this :

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.7.7_4 (amd64) at Wed Nov 19 13:18:54 GMT 2025
vulnxml file up-to-date
openvpn-2.6.15 is vulnerable:
  OpenVPN -- HMAC verification on source IP address ineffective
  CVE: CVE-2025-13086
  WWW: https://vuxml.freebsd.org/freebsd/17a40d76-c3fd-11f0-b513-0da7be77c170.html

pkcs11-helper-1.29.0_3 is vulnerable:
  pkcs11-helper -- deserialize buffer overflow
  WWW: https://vuxml.freebsd.org/freebsd/1a46e84d-c406-11f0-b513-0da7be77c170.html

2 problem(s) in 2 package(s) found.
***DONE***



Does this show I have done something wrong, or do I have to do something to fix these two problems?

Many thanks in advance

Quote from: Jensen on November 19, 2025, 02:21:41 PM
Does this show I have done something wrong, or do I have to do something to fix these two problems?

Just wait for the next update to fix these two issues. Happens all the time - you cannot patch a complex product the day a vulnerability is discovered.

If you want to be cautious - go read the CVE entries and try to decide if they apply to you or not and if yes, if they pose a risk.

E.g. the first one is easy: are you running OpenVPN? No? No risk.
Second one is more difficult. It's about an API for crypto hardware. Most probably also not attackable in the context of OPNsense.

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
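
The triage described in the reply above can be run over the audit report itself. This is an added example, not part of the thread or of OPNsense: `parse_audit`, `triage` and the `in_use` set are hypothetical names, and `in_use` is whatever the administrator knows to be configured on the box.

```python
import re

# Audit output copied from the first post in this thread.
REPORT = """\
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.7.7_4 (amd64) at Wed Nov 19 13:18:54 GMT 2025
vulnxml file up-to-date
openvpn-2.6.15 is vulnerable:
  OpenVPN -- HMAC verification on source IP address ineffective
  CVE: CVE-2025-13086
  WWW: https://vuxml.freebsd.org/freebsd/17a40d76-c3fd-11f0-b513-0da7be77c170.html

pkcs11-helper-1.29.0_3 is vulnerable:
  pkcs11-helper -- deserialize buffer overflow
  WWW: https://vuxml.freebsd.org/freebsd/1a46e84d-c406-11f0-b513-0da7be77c170.html

2 problem(s) in 2 package(s) found.
***DONE***
"""

# "<name>-<version> is vulnerable:" (the version is the part after the last hyphen)
HEADER = re.compile(r"^(?P<name>\S+)-(?P<version>[^-\s]+) is vulnerable:$")

def parse_audit(text):
    """Return one dict per vulnerable package in the report."""
    findings, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"package": m["name"], "version": m["version"],
                       "issues": [], "cves": [], "urls": []}
            findings.append(current)
        elif current and line.startswith("  "):
            item = line.strip()
            if item.startswith("CVE: "):
                current["cves"].append(item[5:])
            elif item.startswith("WWW: "):
                current["urls"].append(item[5:])
            else:
                current["issues"].append(item)
        elif not line.strip():
            current = None  # a blank line ends the package block
    return findings

def triage(findings, in_use):
    """Split findings by whether the package is in the caller's in-use set."""
    review = [f for f in findings if f["package"] in in_use]
    wait = [f for f in findings if f["package"] not in in_use]
    return review, wait
```

Findings in the second list are the ones to leave until the next update; an entry with an empty `cves` list, like pkcs11-helper here, still has its VuXML link to read.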

Hi Patrick,
Thanks for your reply.
No, I am not using OpenVPN and I don't know what "API for crypto hardware" is, so I guess I will not be using that either.

I will ignore for now while I am learning, and then as you suggested, wait for the updates in due course

Thanks for your help
Jensen