vulnerability

Ubuntu: USN-7841-1 (CVE-2025-62291): strongSwan vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Oct 27, 2025	Oct 28, 2025	Oct 30, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Oct 27, 2025

Added

Oct 28, 2025

Modified

Oct 30, 2025

Description

Xu Biang discovered that the strongSwan client incorrectly handled
EAP-MSCHAPv2 failure requests. If a user or automated system were tricked
into connecting to a malicious server, a remote attacker could use this
issue to cause strongSwan to crash, resulting in a denial of service, or
possibly execute arbitrary code.

Solutions

ubuntu-upgrade-libstrongswanubuntu-upgrade-strongswan

References

CVE-2025-62291
https://attackerkb.com/topics/CVE-2025-62291
UBUNTU-USN-7841-1
URL-https://ubuntu.com/security/notices/USN-7841-1
URL-https://www.cve.org/CVERecord?id=CVE-2025-62291
URL-https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-(cve-2025-62291).html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today