What is the severity of CVE-2025-32787?

CVE-2025-32787 is considered a high severity vulnerability due to the potential for remote code execution via NULL dereference.

How do I fix CVE-2025-32787?

To fix CVE-2025-32787, update your SoftEther VPN software to version 5.02.5188 or later.

What versions of SoftEther VPN are affected by CVE-2025-32787?

SoftEther VPN versions 5.02.5184 to 5.02.5187 are affected by CVE-2025-32787.

What type of vulnerability is CVE-2025-32787?

CVE-2025-32787 is a NULL dereference vulnerability in the SoftEther VPN software.

What impact can CVE-2025-32787 have on my system?

Exploitation of CVE-2025-32787 may allow an attacker to crash the VPN service or execute arbitrary code on the affected system.

Vulnerability/
CVE-2025-32787

low

3.1

CWE

476

EPSS

0.035%

16/4/2025

17/4/2025

CVE-2025-32787: SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA

First published: Wed Apr 16 2025(Updated: )

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
SoftEther VPN	>=5.02.5184<=5.02.5187

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-32787?
CVE-2025-32787 is considered a high severity vulnerability due to the potential for remote code execution via NULL dereference.
How do I fix CVE-2025-32787?
To fix CVE-2025-32787, update your SoftEther VPN software to version 5.02.5188 or later.
What versions of SoftEther VPN are affected by CVE-2025-32787?
SoftEther VPN versions 5.02.5184 to 5.02.5187 are affected by CVE-2025-32787.
What type of vulnerability is CVE-2025-32787?
CVE-2025-32787 is a NULL dereference vulnerability in the SoftEther VPN software.
What impact can CVE-2025-32787 have on my system?
Exploitation of CVE-2025-32787 may allow an attacker to crash the VPN service or execute arbitrary code on the affected system.

collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/description
agent/references
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/last-modified-date
agent/author
agent/event
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/softether
canonical/softether vpn

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.