SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's own privileges (it is a stress-testing tool for a networking stack).
The vulnerability is classified as CWE-416 (use-after-free) and consists of improper access to a memory area already freed by the process, which can lead to data corruption or arbitrary code execution. The reported bug is located in the CheckNetworkAcceptThread function in the Command.c file. However, the vendor (SoftEther) maintains that the vulnerability does not occur in the VPN software itself, but in a separate tool used for testing network stack load, which does not process untrusted input data and operates only with the privileges of the user running it.
If the vulnerability is indeed exploitable, an attacker could potentially gain full control over the vulnerable system through arbitrary code execution (RCE) or privilege escalation. Due to the vendor's dispute regarding the scope of the vulnerability, the actual impact on VPN production environments remains unconfirmed.
Apply patches available from the vendor according to the references. Due to the vendor's dispute regarding the scope of the vulnerability, it is recommended to monitor official SoftEther communications and the CVE-2025-25568.pdf document published by the vendor. Until the dispute is clarified, it is advisable to restrict access to tool components and monitor production environments.
SoftEther VPN version 5.02.5187; according to the vendor, the bug affects only a separate testing tool, not the main VPN component
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSoftether Vpn
APPSoftether5.02.5187
Related vulnerabilities
Buffer Overflow w SoftEther VPN – funkcje PtMakeCert i PtMakeCert2048
Buffer overflow w SoftEther VPN – funkcja UniToStrForSingleChars
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther...
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther ...
A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5....