CVE-2025-32787

Source
https://cve.org/CVERecord?id=CVE-2025-32787
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32787.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-32787
Aliases
  • GHSA-xw53-587j-mqh6
Published
2025-04-16T21:41:15.966Z
Modified
2026-04-02T12:46:59.808282Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA
Details

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in DeleteIPv6DefaultRouterInRA called by StorePacket. Before dereferencing, DeleteIPv6DefaultRouterInRA does not account for ParsePacket returning NULL, resulting in the program crashing. A patched version does not exist at this time.

Database specific
{
    "cwe_ids": [
        "CWE-476"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32787.json"
}
References

Affected packages

Git / github.com/softethervpn/softethervpn

Affected ranges

Type
GIT
Repo
https://github.com/softethervpn/softethervpn
Events
Database specific
{
    "versions": [
        {
            "introduced": "5.02.5184"
        },
        {
            "last_affected": "5.02.5187"
        }
    ]
}

Affected versions

5.*
5.02.5184
5.02.5185
5.02.5186
5.02.5187

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32787.json"