Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-32787

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-16 Apr, 2025 | 21:41
Updated At-17 Apr, 2025 | 13:15
Rejected At-
Credits

SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:16 Apr, 2025 | 21:41
Updated At:17 Apr, 2025 | 13:15
Rejected At:
▼CVE Numbering Authority (CNA)
SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time.

Affected Products
Vendor
SoftEtherVPN
Product
SoftEtherVPN
Versions
Affected
  • >= 5.02.5184, <= 5.02.5187
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6
x_refsource_CONFIRM
https://github.com/SoftEtherVPN/SoftEtherVPN/blob/7006539732c0231d7723623cc8732f94ba2b8c54/src/Cedar/Hub.c#L5112C1-L5116C29
x_refsource_MISC
https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/src/Mayaqua/TcpIp.c#L1633
x_refsource_MISC
Hyperlink: https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/SoftEtherVPN/SoftEtherVPN/blob/7006539732c0231d7723623cc8732f94ba2b8c54/src/Cedar/Hub.c#L5112C1-L5116C29
Resource:
x_refsource_MISC
Hyperlink: https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/src/Mayaqua/TcpIp.c#L1633
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6
exploit
Hyperlink: https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:16 Apr, 2025 | 22:15
Updated At:17 Apr, 2025 | 20:21

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-476Secondarysecurity-advisories@github.com
CWE ID: CWE-476
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/SoftEtherVPN/SoftEtherVPN/blob/7006539732c0231d7723623cc8732f94ba2b8c54/src/Cedar/Hub.c#L5112C1-L5116C29security-advisories@github.com
N/A
https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/src/Mayaqua/TcpIp.c#L1633security-advisories@github.com
N/A
https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6security-advisories@github.com
N/A
https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/SoftEtherVPN/SoftEtherVPN/blob/7006539732c0231d7723623cc8732f94ba2b8c54/src/Cedar/Hub.c#L5112C1-L5116C29
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/src/Mayaqua/TcpIp.c#L1633
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2025-14953
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.09% / 25.01%
||
7 Day CHG+0.01%
Published-19 Dec, 2025 | 16:02
Updated-24 Feb, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS FAR-ID handler.c ogs_pfcp_handle_create_pdr null pointer dereference

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is said to be difficult. The exploit has been published and may be used. This patch is called 93a9fd98a8baa94289be3b982028201de4534e32. It is advisable to implement a patch to correct this issue.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3603
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.1||LOW
EPSS-0.07% / 21.93%
||
7 Day CHG-0.05%
Published-21 Jul, 2023 | 19:09
Updated-26 Sep, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Processing sftp server read may cause null dereference

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.

Action-Not Available
Vendor-libsshn/aRed Hat, Inc.Fedora Project
Product-libsshlibsshRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Extra Packages for Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
Details not found