15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow

A 15-year-old integer underflow in strongSwan’s EAP-TTLS plugin (CVE-2026-25075) can trigger massive heap corruption and allow an attacker to knock VPN services offline by forcing impossible memory allocations. Bishop Fox and strongSwan advise upgrading vulnerable installations to 6.0.5 or later, disabling EAP-TTLS if it is unused, and using the provided non-crashing test tool to check for exposure.

Key points

  • The flaw is an integer underflow in the EAP-TTLS plugin that leads to huge, invalid memory allocations.
  • CVE-2026-25075 affects strongSwan versions from 4.5.0 through 6.0.4 and has existed for about 15 years.
  • The exploit is a two-phase “ghost” attack where a first malformed message corrupts the heap and a second connection crashes the charon daemon.
  • An attack requires a vulnerable version with EAP-TTLS enabled and IKEv2 connections accepted on the server.
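The bug class behind the first key point, as an added illustration that is not strongSwan code and not taken from the advisory: an unsigned length subtraction with no lower bound, next to the bounds check that rejects the record before anything is allocated. The record layout (4-byte type, 4-byte big-endian total length), the function names and the sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 8u /* assumed layout: 4-byte type + 4-byte total length */

/* Constructed samples: a well-formed record, and one declaring 4 bytes total. */
static const uint8_t SAMPLE_OK[]  = {0,0,0,1, 0,0,0,12, 'a','b','c','d'};
static const uint8_t SAMPLE_BAD[] = {0,0,0,1, 0,0,0,4};

/* Big-endian total length (header + payload) as declared by the sender. */
static uint32_t declared_len(const uint8_t *rec)
{
    return ((uint32_t)rec[4] << 24) | ((uint32_t)rec[5] << 16) |
           ((uint32_t)rec[6] << 8)  |  (uint32_t)rec[7];
}

/* Unsafe pattern: unsigned subtraction with no lower bound on the length.
 * A declared length below HDR_LEN wraps to a value near SIZE_MAX. */
size_t payload_len_unchecked(const uint8_t *rec)
{
    return (size_t)declared_len(rec) - HDR_LEN;
}

/* Hardened: reject lengths shorter than the header or longer than the
 * bytes actually received, before any subtraction or allocation. */
int payload_len_checked(const uint8_t *rec, size_t avail, size_t *out)
{
    if (avail < HDR_LEN)
        return -1;
    uint32_t len = declared_len(rec);
    if (len < HDR_LEN || len > avail)
        return -1;
    *out = (size_t)len - HDR_LEN;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked(bad) = %zu\n", payload_len_unchecked(SAMPLE_BAD));
    printf("checked(bad)   = %d\n",
           payload_len_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, &n));
    if (payload_len_checked(SAMPLE_OK, sizeof SAMPLE_OK, &n) == 0)
        printf("checked(ok)    = %zu payload bytes\n", n);
    return 0;
}
```

The wrapped value is what turns a short, malformed length into an impossible allocation request; the checked variant fails closed on both an undersized and an oversized declared length.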

Read More: https://hackread.com/strongswan-flaw-attackers-crash-vpn-integer-underflow/