CVE-2026-25075

| EUVD-2026-14477 HIGH
2026-03-23 VulnCheck GHSA-frr2-5qjr-h4hw
8.7
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
PoC Detected
Mar 27, 2026 - 20:16 vuln.today
Public exploit code
EUVD ID Assigned
Mar 23, 2026 - 19:00 euvd
EUVD-2026-14477
Analysis Generated
Mar 23, 2026 - 19:00 vuln.today
CVE Published
Mar 23, 2026 - 18:33 nvd
HIGH 8.7

Tags

Denial Of Service Integer Overflow Suse

Description

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.

Analysis

Unauthenticated remote attackers can crash strongSwan versions 4.5.0 through 6.0.4 via integer underflow in the EAP-TTLS AVP parser during IKEv2 authentication by sending malformed AVP packets with invalid length fields. Public exploit code exists for this denial of service vulnerability, which triggers memory corruption in the charon daemon with no available patch. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all strongSwan deployments and identify affected versions (4.5.0-6.0.4); assess exposure by documenting network access to IKE ports (UDP 500/4500). Within 7 days: Implement network segmentation to restrict IKE daemon access to trusted peers only; enable detailed logging and alerting on charon process crashes; evaluate upgrade to version 6.0.5 or later when available. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +44
POC: +20

Vendor Status

Ubuntu

Priority: Medium
strongswan
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
upstream released 6.0.5
jammy released 5.9.5-2ubuntu2.5
noble released 5.9.13-2ubuntu4.24.04.2
questing released 6.0.1-6ubuntu4.2
USN-8117-1

Debian

strongswan
Release Status Fixed Version Urgency
bullseye vulnerable 5.9.1-1+deb11u4 -
bullseye (security) vulnerable 5.9.1-1+deb11u5 -
bookworm fixed 5.9.8-5+deb12u3 -
bookworm (security) fixed 5.9.8-5+deb12u3 -
trixie fixed 6.0.1-6+deb13u4 -
trixie (security) fixed 6.0.1-6+deb13u4 -
forky, sid vulnerable 6.0.4-1 -
(unstable) fixed (unfixed) -
DSA-6176-1

Share

CVE-2026-25075 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy