CVE-2025-25565

9.8 CRITICAL

📋 TL;DR

SoftEther VPN 5.02.5187 contains a buffer overflow in the PtMakeCert and PtMakeCert2048 functions in Command.c. An attacker who can pass an overly long input string to these functions may execute arbitrary code. The vulnerability affects users who run SoftEther VPN with command-line certificate generation capabilities.

💻 Affected Systems

Products:
  • SoftEther VPN
Versions: 5.02.5187
Operating Systems: Windows, Linux, macOS, FreeBSD, Solaris
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires command-line access to certificate generation functions. The vendor disputes severity, claiming users can only attack themselves.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or denial of service affecting the VPN service availability.

🟢 If Mitigated

Limited impact due to the vendor's claim that users can only attack themselves via command-line input.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires command-line access to the vulnerable functions. Public proof-of-concept demonstrates buffer overflow triggering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Upgrade to the latest version if one is released, or apply the workarounds below.

🔧 Temporary Workarounds

Restrict Command-Line Access

Applies to: all platforms

Limit access to SoftEther VPN command-line interface to trusted administrators only.

  • Implement least privilege access controls
  • Use sudo/runas restrictions

Input Validation

Applies to: all platforms

Implement input length validation for certificate generation parameters.

  • Modify Command.c to validate input lengths before processing

🧯 If You Can't Patch

  • Disable command-line certificate generation features if not required
  • Implement network segmentation to isolate SoftEther VPN servers

🔍 How to Verify

Check if Vulnerable:

Check SoftEther VPN version using 'vpncmd' command or version file. Version 5.02.5187 is vulnerable.

Check Version:

vpncmd /client localhost /cmd About

Verify Fix Applied:

Verify version is updated beyond 5.02.5187 or workarounds are implemented.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long certificate generation requests
  • Process crashes in SoftEther VPN service

Network Indicators:

  • Abnormal traffic patterns from VPN servers
  • Connection attempts to unusual ports

SIEM Query:

source="softether" AND (event="crash" OR command_length>1000)
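The SIEM query above expressed as runnable detection logic, as an added example that is not part of the original page. The log lines below are constructed for the example; the key=value format, the field names (source, event, command_length) and the timestamp prefix are assumptions, not real SoftEther VPN output. The threshold of 1000 characters mirrors the query.

```python
import re

# Constructed sample log lines (not real SoftEther output); key=value layout is an assumption.
SAMPLE_LOGS = """\
2025-03-01T10:00:01Z source=softether event=cert_request command=MakeCert command_length=64 user=admin
2025-03-01T10:00:05Z source=softether event=cert_request command=MakeCert command_length=4096 user=admin
2025-03-01T10:00:06Z source=softether event=crash process=vpnserver signal=SIGSEGV
2025-03-01T10:00:07Z source=sshd event=login user=admin
2025-03-01T10:00:09Z source=softether event=cert_request command=MakeCert2048 command_length=120 user=ops
"""

LENGTH_THRESHOLD = 1000  # same cut-off as the page's SIEM query

# Matches key=value pairs; quoted values may contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Split one log line into a dict of key=value fields plus the leading timestamp."""
    fields = dict(KV_RE.findall(line))
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields


def classify(fields: dict, threshold: int = LENGTH_THRESHOLD):
    """Return a reason string if the record matches
    source="softether" AND (event="crash" OR command_length>threshold), else None."""
    if fields.get("source") != "softether":
        return None
    if fields.get("event") == "crash":
        return "crash"
    try:
        if int(fields.get("command_length", "0")) > threshold:
            return "long_command"
    except ValueError:
        # Malformed length field: do not raise, just treat as non-matching.
        return None
    return None


def find_indicators(log_text: str, threshold: int = LENGTH_THRESHOLD) -> list:
    """Run the detection over a block of log text and return the matching records,
    each annotated with the reason it matched."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        reason = classify(fields, threshold)
        if reason is not None:
            fields["reason"] = reason
            hits.append(fields)
    return hits


if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_LOGS):
        print(hit["timestamp"], hit["reason"], hit.get("command", ""), hit.get("command_length", ""))
```

Two records match: the 4096-character certificate request and the vpnserver crash that follows it; the sshd line is ignored because its source is not softether. Raising the threshold only changes the first condition, so a crash is always reported.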
