Sone127 Patched __full__

On January 22, 2025, the National Vulnerability Database (NVD) published a new CVE entry: , titled "Authentication Bypass via Time-of-Check Time-of-Use (TOCTOU) Race Condition in Sone127 versions prior to 2.3.4."

sone127 --version

The patched version now logs every authentication attempt with a unique request ID, source IP, and a SHA-256 hash of the session packet. This does not patch the vulnerability directly but allows forensic detection of any pre-patch exploitation attempts. sone127 patched