CVE-2025-62291 — Integer Underflow (Wrap or Wraparound) in Strongswan

CWE-191 — Integer Underflow (Wrap or Wraparound)9 documents7 sources

Severity

8.1HIGHNVD

EPSS

0.0%

top 97.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan

Timeline

PublishedJan 16

Description

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/strongswan< strongswan 5.9.8-5+deb12u2 (bookworm)

▶CVEListV5strongswan/strongswan4.2.12 — 6.0.3

▶Debianstrongswan/strongswan< 5.9.1-1+deb11u5+3

🔴Vulnerability Details

OSV

CVE-2025-62291: In the eap-mschapv2 plugin (client-side) in strongSwan before 6↗2026-01-16

▶

GHSA

GHSA-p527-wjvq-vxg8: In the eap-mschapv2 plugin (client-side) in strongSwan before 6↗2026-01-16

▶

📋Vendor Advisories

Red Hat

strongswan: strongSwan: Arbitrary Code Execution and Denial of Service via crafted EAP-MSCHAPv2 message↗2026-01-16

▶

Ubuntu

strongSwan vulnerability↗2025-10-27

▶

Debian

CVE-2025-62291: strongswan - In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-62291 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-9615 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-25075 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶