彙總 softether 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 緩衝區溢位與記憶體損壞 相關,可能在 生產負載與軟體部署 場景中帶來 應用程式崩潰與記憶體損壞 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-39312 | SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and likely earlier versions of Developer Edition). An unauthenticated remote attacker can crash the vpnserver process by sending a single malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions. | [email protected] | 7.5 | 0.39% | 2026-04-07 | 2026-04-14 |
| CVE-2025-25568 | SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's own privileges (it is a stress-testing tool for a networking stack). | [email protected] | 9.8 | 0.16% | 2025-03-12 | 2025-07-19 |
| CVE-2025-25567 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI, | [email protected] | 9.8 | 0.15% | 2025-03-12 | 2025-07-19 |
| CVE-2025-25566 | Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to a single allocation of a few hundred bytes with a command-line tool. | [email protected] | 5.6 | 0.10% | 2025-03-12 | 2025-07-19 |
| CVE-2025-25565 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line. | [email protected] | 9.8 | 0.16% | 2025-03-12 | 2025-07-19 |
| CVE-2023-32634 | An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. | [email protected] | 7.8 | 0.04% | 2023-10-12 | 2025-11-04 |
| CVE-2023-32275 | An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | [email protected] | 5.5 | 0.06% | 2023-10-12 | 2025-11-04 |
| CVE-2023-31192 | An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 5.3 | 0.31% | 2023-10-12 | 2025-11-04 |
| CVE-2023-27516 | An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability. | [email protected] | 7.3 | 0.08% | 2023-10-12 | 2024-11-21 |
| CVE-2023-27395 | A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 9.0 | 0.43% | 2023-10-12 | 2024-11-21 |
| CVE-2023-25774 | A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | [email protected] | 7.5 | 0.07% | 2023-10-12 | 2024-11-21 |
| CVE-2023-23581 | A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. | [email protected] | 7.5 | 0.07% | 2023-10-12 | 2024-11-21 |
| CVE-2023-22325 | A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 5.9 | 0.24% | 2023-10-12 | 2024-11-21 |
| CVE-2023-22308 | An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 7.5 | 0.09% | 2023-10-12 | 2024-11-21 |
| CVE-2019-11868 | See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to. | [email protected] | 7.8 | 0.13% | 2019-07-29 | 2024-11-21 |