CRITICAL🇵🇱 Wersja polska

CVE-2025-25567

CVSS 9.8v3.1pub. 2025-03-12upd. 2025-07-19

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI,

🤖 AI Analysis
How it works

The error is a buffer overflow (CWE-120) in the UniToStrForSingleChars function found in the Internat.c file. The overflow can be triggered by Unicode string operations performed by this function. The software vendor stipulates that the attack vector is exclusively the local user interface, which limits the realistic scope of the vulnerability — a remote attacker without local account access cannot directly trigger this error.

Impact

In theory, successful buffer overflow exploitation could lead to process hijacking, data exposure in memory, or application instability. However, the vendor indicates that in practice, the consequences are limited to the local user's own environment using the graphical interface.

Mitigation & patch

Apply patches available from the vendor according to references. It is advisable to monitor the vendor's official channel for updates. As additional precautions, restrict local access to workstations with SoftEther VPN installed exclusively to trusted users.

Who is affected

SoftEther VPN version 5.02.5187

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Softether Vpn

    APP
    Softether
    5.02.5187
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
MemoryVPN
CWE
References

Related vulnerabilities

CVE-2025-25565CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w SoftEther VPN – funkcje PtMakeCert i PtMakeCert2048

CVE-2025-25568CRITICAL9.8PL ✓ten sam produkt

Use-after-free w SoftEther VPN 5.02.5187 – Command.c (CheckNetworkAcceptThread)

CVE-2023-27395CRITICAL9.0ten sam produkt

A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther...

CVE-2023-23581HIGH7.5ten sam produkt

A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther ...

CVE-2023-25774HIGH7.5ten sam produkt

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5....