Critical DoS Vulnerability in strongSwan Affects Multiple Ubuntu Releases

Critical DoS Vulnerability in strongSwan Affects Multiple Ubuntu Releases

First seen 24 Mar 2026, 00:45 UTC UbuntuLinuxsecurity 82% similarity 57.9

Article Content

Browse articles
ThreatCluster

A critical vulnerability in strongSwan, identified as CVE-2026-25075, has been discovered, affecting Ubuntu 25.10, 24.04 LTS, and 22.04 LTS. The flaw, found by Kazuma Matsumoto, allows attackers to send specially crafted network traffic that can cause strongSwan to consume excessive resources or crash, resulting in a denial of service. The vulnerability arises from improper handling of EAP-TTLS AVPs in the eap-ttls plugin. Users are advised to update their systems to the latest package versions to mitigate the risk. The problem can be resolved through a standard system update. The vulnerability was published on March 23, 2026. No active exploitation has been reported yet, but the potential for denial of service poses a significant risk to affected systems.

Key Points: • CVE-2026-25075 affects Ubuntu 25.10, 24.04 LTS, and 22.04 LTS. • The vulnerability allows denial of service via specially crafted network traffic. • Users should update to the latest strongSwan package versions to mitigate the risk.

ThreatCluster AI

Timeline

2026-03-23
CVE-2026-25075 published
2026-03-23
Vulnerability discovered by Kazuma Matsumoto
2026-03-23
Ubuntu releases advisory USN-8117-1

Community

Browse all →