strongSwan EAP-TTLS AVP Integer Underflow Vulnerability (CVE-2026-25075)
An integer underflow vulnerability in strongSwan's EAP-TTLS AVP parser allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication, leading to excessive memory allocation or a NULL pointer dereference.
The strongSwan VPN suite is susceptible to an integer underflow vulnerability (CVE-2026-25075) affecting versions 4.5.0 up to 6.0.4. This flaw resides within the EAP-TTLS AVP (Attribute Value Pair) parser. A remote, unauthenticated attacker can exploit this vulnerability by sending specifically crafted AVP data during the IKEv2 (Internet Key Exchange version 2) authentication process. Successful exploitation leads to a denial-of-service condition due to excessive memory allocation or a NULL…
Detection coverage 2
Detect strongSwan Charon Process Crash
highDetects crashes of the charon IKE daemon which might indicate CVE-2026-25075 exploitation
Detect Excessive Memory Allocation in strongSwan
mediumDetects potential exploitation of CVE-2026-25075 by monitoring memory allocation errors in charon logs.
Detection queries are kept inside the platform. Get full rules →