Vulnerability Description
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://www.strongswan.org/blog/2026/03/23/strongswan-6.0.5-released.html
- https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25
- https://www.vulncheck.com/advisories/strongswan-eap-ttls-avp-parsing-integer-und
- https://y637f9qq2x.com/posts/cve-2026-25075/
- https://lists.debian.org/debian-lts-announce/2026/03/msg00016.html
FAQ
What is CVE-2026-25075?
CVE-2026-25075 is a vulnerability with a CVSS score of 7.5 (HIGH). strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending craf...
How severe is CVE-2026-25075?
CVE-2026-25075 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25075?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.