Cyber Resilience

CVE-2025-25568

CriticalPublic PoC

Published: 12 March 2025

Published
12 March 2025
Modified
19 July 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 37.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25568 is a critical-severity Use After Free (CWE-416) vulnerability in Softether Vpn. Its CVSS base score is 9.8 (Critical).

Operationally, ranked at the 37.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-25568 is a use-after-free vulnerability (CWE-416) affecting SoftEtherVPN version 5.02.5187, specifically in the Command.c file through the CheckNetworkAcceptThread function. The issue has been assigned a CVSS v3.1 base score of 9.8 (Critical), reflecting its potential severity. However, the supplier disputes the vulnerability's validity, asserting that the use-after-free occurs not in the core VPN software but in a separate stress-testing tool for the networking stack, which processes no untrusted input and executes under the user's own privileges.

An attacker with network access could potentially exploit this vulnerability remotely with low complexity, requiring no privileges or user interaction, to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope. This suggests possibilities like arbitrary code execution or system compromise, though the supplier's dispute implies limited practical exploitability due to the affected component's isolated nature and lack of exposure to untrusted inputs.

Advisories and additional details are available in referenced documents, including the supplier's response at https://filecenter.softether-upload.com/d/250715_001_79538/CVE-2025-25568.pdf and researcher analysis at https://lzydry.github.io/CVE-2025-25568/. The supplier's position emphasizes that no mitigation beyond standard secure usage of the tool is necessary, given its non-internet-facing design and user-controlled execution context.

EU & UK References

Vulnerability details

SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no…

more

untrusted input and runs under the user's own privileges (it is a stress-testing tool for a networking stack).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-25565Same product: Softether Vpn
CVE-2025-25567Same product: Softether Vpn
CVE-2026-39312Same vendor: Softether
CVE-2026-7352Shared CWE-416
CVE-2026-22165Shared CWE-416
CVE-2026-47331Shared CWE-416
CVE-2026-6299Shared CWE-416
CVE-2026-23111Shared CWE-416
CVE-2026-8511Shared CWE-416
CVE-2026-9970Shared CWE-416

Affected Assets

softether
vpn
5.02.5187

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the use-after-free vulnerability in SoftEtherVPN 5.02.5187's Command.c by requiring timely patching or upgrading of the affected software.

prevent

Provides memory protections like ASLR and DEP that mitigate exploitation of the use-after-free in CheckNetworkAcceptThread even if unpatched.

detect

Enables vulnerability scanning to identify the use-after-free (CVE-2025-25568) in SoftEtherVPN components for subsequent remediation.

References