CVE-2026-25075

HIGH

strongSwan 4.5.0-6.0.4 - Unauthenticated Denial of Service via EAP-TTLS AVP Parser Integer Underflow

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-25075. PoCs published by BishopFox.

AI-analyzed exploit summary: This repository contains a non-destructive scanner for CVE-2026-25075, an integer underflow vulnerability in strongSwan's EAP-TTLS AVP handling. It detects the vulnerability by sending a malformed AVP header with length=1 but no data payload, avoiding heap corruption.

Description

strongSwan versions from 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Because the AVP length field is not validated before it is subtracted from, an attacker can trigger excessive memory allocation or a NULL pointer dereference, crashing the charon IKE daemon.

Exploits (1)

nomisec SCANNER
by BishopFox · poc
https://github.com/BishopFox/CVE-2026-25075-check

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: strongSwan (EAP-TTLS implementation)
No auth needed
Prerequisites: network access to target strongSwan server · EAP-TTLS enabled on target
devstral-2 · analyzed Apr 09, 2026

Scores

CVSS v3 7.5
EPSS 0.0101
EPSS Percentile 58.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-191 CWE-476
Status published
Products (1)
strongSwan/strongSwan 4.5.0 - 6.0.5
Published Mar 23, 2026
Tracked Since Mar 24, 2026