CVE-2025-25568
Published: 12 March 2025
Summary
CVE-2025-25568 is a critical-severity Use After Free (CWE-416) vulnerability in SoftEther VPN. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked at the 36.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-2 (Flaw Remediation): Directly remediates the use-after-free vulnerability in SoftEtherVPN 5.02.5187's Command.c by requiring timely patching or upgrading of the affected software.
- SI-16 (Memory Protection): Provides memory protections like ASLR and DEP that mitigate exploitation of the use-after-free in CheckNetworkAcceptThread even if unpatched.
- Enables vulnerability scanning to identify the use-after-free (CVE-2025-25568) in SoftEtherVPN components for subsequent remediation.
MITRE ATT&CK Enterprise Techniques [AI]
Insufficient information to map techniques.
NVD Description
SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's own privileges (it is a stress-testing tool for a networking stack).
Deeper analysis [AI]
CVE-2025-25568 is a use-after-free vulnerability (CWE-416) affecting SoftEtherVPN version 5.02.5187, specifically in the Command.c file through the CheckNetworkAcceptThread function. The issue has been assigned a CVSS v3.1 base score of 9.8 (Critical), reflecting its potential severity. However, the supplier disputes the vulnerability's validity, asserting that the use-after-free occurs not in the core VPN software but in a separate stress-testing tool for the networking stack, which processes no untrusted input and executes under the user's own privileges.
An attacker with network access could potentially exploit this vulnerability remotely with low complexity, requiring no privileges or user interaction, to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope. This suggests possibilities like arbitrary code execution or system compromise, though the supplier's dispute implies limited practical exploitability due to the affected component's isolated nature and lack of exposure to untrusted inputs.
Advisories and additional details are available in referenced documents, including the supplier's response at https://filecenter.softether-upload.com/d/250715_001_79538/CVE-2025-25568.pdf and researcher analysis at https://lzydry.github.io/CVE-2025-25568/. The supplier's position emphasizes that no mitigation beyond standard secure usage of the tool is necessary, given its non-internet-facing design and user-controlled execution context.
Details
- CWE(s)