When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

The vulnerability in question is an Improper Authentication bug in the SSLVPN authentication mechanism.

It was discovered in early January 2025 and was given a severity score of 9.8/10 - critical.

A VPN runs on a mobile phone placed on a laptop keyboard

Consequently, it also gave cybercriminals ideas on how to exploit the flaw and expectedly, it has happened.

The researchers explained that in the exploit, the target endpoint incorrectly validates a malicious session attempt.