This page lists publicly disclosed CVE vulnerabilities affecting softether vpn (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-25568 | SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's own privileges (it is a stress-testing tool for a networking stack). | [email protected] | 9.8 | 0.16% | 2025-03-12 | 2025-07-19 |
| CVE-2025-25567 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI, | [email protected] | 9.8 | 0.15% | 2025-03-12 | 2025-07-19 |
| CVE-2025-25566 | Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to a single allocation of a few hundred bytes with a command-line tool. | [email protected] | 5.6 | 0.10% | 2025-03-12 | 2025-07-19 |
| CVE-2025-25565 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line. | [email protected] | 9.8 | 0.16% | 2025-03-12 | 2025-07-19 |
| CVE-2023-32634 | An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. | [email protected] | 7.8 | 0.04% | 2023-10-12 | 2025-11-04 |
| CVE-2023-32275 | An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | [email protected] | 5.5 | 0.06% | 2023-10-12 | 2025-11-04 |
| CVE-2023-31192 | An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 5.3 | 0.31% | 2023-10-12 | 2025-11-04 |
| CVE-2023-27516 | An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability. | [email protected] | 7.3 | 0.08% | 2023-10-12 | 2024-11-21 |
| CVE-2023-27395 | A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 9.0 | 0.43% | 2023-10-12 | 2024-11-21 |
| CVE-2023-25774 | A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | [email protected] | 7.5 | 0.07% | 2023-10-12 | 2024-11-21 |
| CVE-2023-23581 | A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. | [email protected] | 7.5 | 0.07% | 2023-10-12 | 2024-11-21 |
| CVE-2023-22325 | A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 5.9 | 0.24% | 2023-10-12 | 2024-11-21 |
| CVE-2023-22308 | An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 7.5 | 0.09% | 2023-10-12 | 2024-11-21 |