NULL Dereference Vulnerability in SoftEtherVPN by SoftEther
CVE-2025-32787

3.1LOW

Key Information:

Vendor

Softethervpn

Status
Softethervpn
Vendor
CVE Published:
16 April 2025

What is CVE-2025-32787?

SoftEtherVPN, a widely used open-source multi-protocol VPN solution, is vulnerable to a NULL dereference issue in the function 'DeleteIPv6DefaultRouterInRA', which is invoked during packet processing. If 'ParsePacket' returns NULL, the function fails to handle this case appropriately, ultimately leading to a crash of the application. Users and administrators should be aware that as of now, no patched versions are available, and they should implement immediate measures to mitigate any potential risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SoftEtherVPN >= 5.02.5184, <= 5.02.5187

References

https://github.com/SoftEtherVPN/SoftEtherVPN/security/adv...
x_refsource_CONFIRM
https://github.com/SoftEtherVPN/SoftEtherVPN/blob/7006539...
x_refsource_MISC
https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/...
x_refsource_MISC

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.