CVE-2026-25075
strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
CVSS Score
7.5
EPSS Score
0.1%
EPSS Percentile
30th
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.
| CWE | CWE-191 CWE-476 |
| Vendor | strongswan |
| Product | strongswan |
| Published | Mar 23, 2026 |
| Last Updated | Mar 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for strongswan strongswan
Be the first to know when new high vulnerabilities affecting strongswan strongswan are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
strongSwan / strongSwan
4.5.0 < 6.0.5
References
strongswan.org: https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html strongswan.org: https://www.strongswan.org/blog/2026/03/23/strongswan-6.0.5-released.html vulncheck.com: https://www.vulncheck.com/advisories/strongswan-eap-ttls-avp-parsing-integer-underflow lists.debian.org: https://lists.debian.org/debian-lts-announce/2026/03/msg00016.html
Credits
Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. VulnCheck