CVE-2025-32787

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Apr 16, 2025

Updated: Apr 17, 2025

CWE ID 476

Summary

CVE-2025-32787 is a newly identified vulnerability affecting SoftEtherVPN versions 5.02.5184 to 5.02.5187. This open-source VPN program is susceptible to a NULL dereference issue. The problem lies in the function `DeleteIPv6DefaultRouterInRA`, which is called by `StorePacket`. The vulnerability arises when this function attempts to dereference a null pointer, which occurs when `ParsePacket` returns NULL without proper checking. Consequently, the program crashes. At present, a patched version of SoftEtherVPN is unavailable to address this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

SoftEther VPN

Affected Vendors

SoftEther Corporation

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners