Cyber Posture

CVE-2025-25567

Critical · Public PoC

Published: 12 March 2025

Modified: 19 July 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0020 (41.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

SoftEther VPN version 5.02.5187 is affected by CVE-2025-25567, a buffer overflow vulnerability in the Internat.c component via the UniToStrForSingleChars function. This issue corresponds to CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

As scored, the vulnerability could theoretically let a remote attacker who needs no privileges and no user interaction compromise confidentiality, integrity, and availability with high impact. However, the supplier disputes this characterization, noting that the behavior only allows a local user to attack themselves through the user interface.

Advisories and additional details are available in the supplier's response at https://filecenter.softether-upload.com/d/250715_001_79538/CVE-2025-25567.pdf and the researcher's page at https://lzydry.github.io/CVE-2025-25567/.

Details

CWE(s)
CWE-120

Affected Products

Vendor: softether
Product: vpn
Version: 5.02.5187

MITRE ATT&CK Enterprise Techniques

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

A buffer overflow in SoftEther VPN, a public-facing service, could enable remote unauthenticated code execution for initial access, which maps directly to T1190. The vendor disputes remote exploitability, claiming the behavior is reachable only through the local UI, so the applicability of this mapping is uncertain.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0
