CVE-2026-25075 — Integer Underflow (Wrap or Wraparound) in Strongswan

CWE-191 — Integer Underflow (Wrap or Wraparound)CWE-476 — NULL Pointer Dereference13 documents9 sources

Severity

8.7HIGHNVD

EPSS

0.2%

top 57.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan Msrc Azl3 Strongswan 5.9.14-8 ON Azure Linux 3.0 +1 more

Timeline

PublishedMar 23

Latest updateApr 6

Description

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages5 packages

▶debiandebian/strongswan< strongswan 5.9.8-5+deb12u3 (bookworm)

▶CVEListV5strongswan/strongswan4.5.0 — 6.0.5

▶Debianstrongswan/strongswan< 5.9.1-1+deb11u6+3

▶msrcmsrc/azl3_strongswan_5.9.14-8_on_azure_linux_3.0

▶msrcmsrc/cbl2_strongswan_5.9.10-4_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-frr2-5qjr-h4hw: strongSwan versions 4↗2026-03-23

▶

OSV

CVE-2026-25075: strongSwan versions 4↗2026-03-23

▶

📋Vendor Advisories

Ubuntu

strongSwan vulnerability↗2026-03-23

▶

Microsoft

strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow↗2026-03-10

▶

Debian

CVE-2026-25075: strongswan - strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerabil...↗2026

▶

🕵️Threat Intelligence

Hackernews

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More↗2026-04-06

▶

Wiz

CVE-2025-62291 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-9615 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-25075 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-25075 strongswan: strongSwan: Denial of Service via integer underflow in EAP-TTLS AVP parser [epel-all]↗2026-03-24

▶

Bugzilla

CVE-2026-25075 strongswan: strongSwan: Denial of Service via integer underflow in EAP-TTLS AVP parser [fedora-43]↗2026-03-24

▶

Bugzilla

CVE-2026-25075 strongswan: strongSwan: Denial of Service via integer underflow in EAP-TTLS AVP parser [fedora-42]↗2026-03-24

▶