CVE-2026-25075

HIGH

strongSwan 4.5.0-6.0.4 - DoS

Title source: llm

Description

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.

Exploits (1)

nomisec SCANNER

by BishopFox · poc

https://github.com/BishopFox/CVE-2026-25075-check

View Code ZIP pw:eip

References (4)

[Various Sources] https://www.strongswan.org/blog/2026/03/23/strongswan-6.0.5-released.html

[Various Sources] https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html

[Third Party Advisory] https://www.vulncheck.com/advisories/strongswan-eap-ttls-avp-parsing-integer-underflow

[Mailing List] https://lists.debian.org/debian-lts-announce/2026/03/msg00016.html

Scores

CVSS v3 7.5

EPSS 0.0022

EPSS Percentile 44.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-191 CWE-476

Status published

Products (1)

strongSwan/strongSwan 4.5.0 - 6.0.5

Published Mar 23, 2026

Tracked Since Mar 24, 2026