{"id":"CVE-2025-32787","summary":"SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA","details":"SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time.","aliases":["GHSA-xw53-587j-mqh6"],"modified":"2026-04-02T12:46:59.808282Z","published":"2025-04-16T21:41:15.966Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32787.json","cwe_ids":["CWE-476"]},"references":[{"type":"WEB","url":"https://github.com/SoftEtherVPN/SoftEtherVPN/blob/7006539732c0231d7723623cc8732f94ba2b8c54/src/Cedar/Hub.c#L5112C1-L5116C29"},{"type":"WEB","url":"https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/src/Mayaqua/TcpIp.c#L1633"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32787.json"},{"type":"ADVISORY","url":"https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32787"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/softethervpn/softethervpn","events":[{"introduced":"9378c341f70fca50687cd4f515a3d80bef190a8e"},{"last_affected":"5d1ce1a2cd3e3681ff60f52db42a1b98280e0162"}],"database_specific":{"versions":[{"introduced":"5.02.5184"},{"last_affected":"5.02.5187"}]}}],"versions":["5.02.5184","5.02.5185","5.02.5186","5.02.5187"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32787.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}