Skip to main content

SoftEtherVPN CVE-2025-32787

LOW
NULL Pointer Dereference (CWE-476)
2025-04-16 security-advisories@github.com
3.1
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
3.1 LOW
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:37 vuln.today
CVE Published
Apr 16, 2025 - 22:15 nvd
LOW 3.1

DescriptionGitHub Advisory

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in DeleteIPv6DefaultRouterInRA called by StorePacket. Before dereferencing, DeleteIPv6DefaultRouterInRA does not account for ParsePacket returning NULL, resulting in the program crashing. A patched version does not exist at this time.

AnalysisAI

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in DeleteIPv6DefaultRouterInRA called by StorePacket. Before dereferencing, DeleteIPv6DefaultRouterInRA does not account for ParsePacket returning NULL, resulting in the program crashing. A patched version does not exist at this time.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

Share

CVE-2025-32787 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy