Linuxsecurity
Critical DoS Vulnerability in strongSwan Affects Multiple Ubuntu Releases
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical vulnerability in strongSwan, identified as CVE-2026-25075, has been discovered, affecting Ubuntu 25.10, 24.04 LTS, and 22.04 LTS. The flaw, found by Kazuma Matsumoto, allows attackers to send specially crafted network traffic that can cause strongSwan to consume excessive resources or crash, resulting in a denial of service. The vulnerability arises from improper handling of EAP-TTLS AVPs in the eap-ttls plugin. Users are advised to update their systems to the latest package versions to mitigate the risk. The problem can be resolved through a standard system update. The vulnerability was published on March 23, 2026. No active exploitation has been reported yet, but the potential for denial of service poses a significant risk to affected systems.
Key Points: • CVE-2026-25075 affects Ubuntu 25.10, 24.04 LTS, and 22.04 LTS. • The vulnerability allows denial of service via specially crafted network traffic. • Users should update to the latest strongSwan package versions to mitigate the risk.