146 matches found
CVE-2025-25567
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI,...
CVE-2025-25567
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI,...
CVE-2025-25565
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line...
SoftEther VPN 安全漏洞
SoftEther VPN is a free and open source, cross-platform, multi-protocol VPN software from SoftEther Open Source. It is used to provide secure, flexible and efficient network connectivity that bypasses geographic restrictions. A security vulnerability exists in SoftEther VPN version 5.02.5187, whi...
SoftEther VPN 安全漏洞
SoftEther VPN is a free and open source, cross-platform, multi-protocol VPN software from SoftEther Open Source. It is used to provide secure, flexible and efficient network connectivity that bypasses geographic restrictions. A security vulnerability exists in SoftEther VPN version 5.02.5187, whi...
SoftEther VPN 安全漏洞
SoftEther VPN is a free and open source, cross-platform, multi-protocol VPN software from SoftEther Open Source. It is used to provide secure, flexible and efficient network connectivity that bypasses geographic restrictions. A security vulnerability exists in SoftEther VPN version 5.02.5187, whi...
SoftEther VPN 安全漏洞
SoftEther VPN is a free and open source, cross-platform, multi-protocol VPN software from SoftEther Open Source. It is used to provide secure, flexible and efficient network connectivity that bypasses geographic restrictions. A security vulnerability exists in SoftEther VPN version 5.02.5187 that...
CVE-2025-25565
SoftEther VPN 5.02.5187 is affected by CVE-2025-25565 due to a Buffer Overflow in the Command.c file, exploitable via the PtMakeCert and PtMakeCert2048 functions. Records consistently describe a buffer overflow in these functions; the supplier disputes the claim (the provider notes the behavior c...
CVE-2025-25567
CVE-2025-25567 affects SoftEther VPN version 5.02.5187, where a Buffer Overflow occurs in Internat.c via the UniToStrForSingleChars function. The NVD/Red Hat/PTSecurity and vuln enrichment entries concur on the vulnerability class, with an extremely high CVSS3.1 base score (9.8) and impact to con...
PT-2025-11105 · Softether · Softether Vpn
Name of the Vulnerable Software and Affected Versions: SoftEther VPN version 5.02.5187 Description: The issue is related to a Buffer Overflow in the Internat.c file via the UniToStrForSingleChars function. Recommendations: For SoftEther VPN version 5.02.5187, consider disabling the...
PT-2025-11089 · Unknown · Softether Vpn
Name of the Vulnerable Software and Affected Versions: SoftEther VPN version 5.02.5187 Description: The issue is related to a Buffer Overflow in the Command.c file, specifically via the PtMakeCert and PtMakeCert2048 functions. Recommendations: For SoftEther VPN version 5.02.5187, consider disabli...
CVE-2025-25567
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI,...
CVE-2025-25565
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line...
China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait
The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an entity in the region. "During this attack, the threat actor used as a lure the upcoming World Expo, which will be...
SoftEther VPN Security Vulnerability
SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. A security vulnerability exists prior to SoftEther VPN version 5.02.5185 that stems from the fact that when L2TP is enabled on a device to deploy SoftEtherVPN, two response packets larger than...
PT-2024-28048 · Softether · Softether Vpn
Name of the Vulnerable Software and Affected Versions: SoftEtherVPN versions prior to 5.02.5185 Description: The issue arises when SoftEtherVPN is deployed with L2TP enabled, allowing the host to be used for amplification/reflection traffic generation. This occurs because the program responds to...
RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name...
The vulnerability of the DCRegister function in the SoftEther VPN client allows a hacker to cause a service failure.
The vulnerability of the DCRegister function in the SoftEther VPN client involves executing a loop with an unreachable exit condition. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
CVE-2023-32275
An information disclosure vulnerability exists in the CtEnumCa functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability...
CVE-2023-27395
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this...