CVE-2026-25075

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions strongSwan versions 4.5.0 through 6.0.4

Description An integer underflow flaw exists in the EAP-TTLS AVP parser within strongSwan. This issue allows remote attackers to cause a denial of service by sending specially crafted AVP data with invalid length fields during IKEv2 authentication. The failure to validate AVP length fields before subtraction can lead to excessive memory allocation or a NULL pointer dereference, ultimately crashing the charon IKE daemon.

Recommendations Update strongSwan to version 6.0.5 or later.

Exploit

Fix

DoS

NULL Pointer Dereference

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-191

Related Identifiers

CVE-2026-25075

MGASA-2026-0072

OPENSUSE-SU-2026:10441-1

OPENSUSE-SU-2026:20547-1

SUSE-SU-2026:0978-1

SUSE-SU-2026:0979-1

SUSE-SU-2026:0980-1

SUSE-SU-2026:0981-1

SUSE-SU-2026:1307-1

SUSE-SU-2026:21203-1

USN-8117-1

Affected Products

Linuxmint

Ubuntu

Strongswan

CVE-2026-25075

Weakness Enumeration

Related Identifiers

Affected Products

References · 50