The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html
https://www.mail-archive.com/[email protected]/msg07534.html