PatchSiren cyber security CVE debrief
CVE-2026-25075 strongSwan CVE debrief
A vulnerability was found in strongSwan versions 4.5.0 prior to 6.0.5. This issue is an integer underflow in the EAP-TTLS AVP parser, which allows unauthenticated remote attackers to cause a denial of service. The vulnerability is triggered by sending crafted AVP data with invalid length fields during IKEv2 authentication. Unaffected versions have addressed this vulnerability. Users should review their deployments and update to version 6.0.5 or later.
- Vendor
- strongSwan
- Product
- Unknown
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-23
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-23
- Advisory updated
- 2026-07-14
Who should care
Users of strongSwan versions 4.5.0 through 6.0.4 should be aware of this vulnerability. The vulnerability allows unauthenticated remote attackers to cause a denial of service. Affected operators should review their deployments and update to version 6.0.5 or later. Vulnerability management and security teams should prioritize this update based on the HIGH CVSS score of 8.7.
Technical summary
The integer underflow vulnerability in the EAP-TTLS AVP parser of strongSwan versions 4.5.0 prior to 6.0.5 allows unauthenticated remote attackers to cause a denial of service. This is achieved by sending crafted AVP data with invalid length fields during IKEv2 authentication, which can trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon. The vulnerability has been addressed in version 6.0.5.
Defensive priority
High
Recommended defensive actions
- Inventory and update strongSwan to version 6.0.5 or later
- Implement compensating controls such as monitoring for suspicious IKEv2 authentication attempts
- Exception tracking for potential false positives
- Retest affected systems after applying updates
- Review official advisories for specific guidance
- Monitor for exposure and prioritize updates based on CVSS score
- Track exceptions and retest remediated assets
Evidence notes
The CVE record was published on 2026-03-23T19:16:39.313Z and has not been modified since then. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope or impact of this vulnerability. Defenders should verify affected systems and review official advisories for specific guidance.
Official resources
-
CVE-2026-25075 CVE record
CVE.org
-
CVE-2026-25075 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
- Source reference
- Source reference
- Source reference
-
Source reference
af854a3a-2127-422b-91ae-364da2661108
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-23T19:16:39.313Z and has not been modified since then. The NVD entry is currently Deferred.