Safely detect whether a strongSwan VPN server is vulnerable to CVE-2026-25075 without causing any disruption. See the full write-up at the Bishop Fox blog.
CVE-2026-25075 is an integer underflow vulnerability in strongSwan's EAP-TTLS plugin that allows remote, unauthenticated attackers to crash the IKE daemon through a specially crafted EAP-TTLS message. The vulnerability affects all strongSwan versions from 4.5.0 through 6.0.4, spanning over 15 years of releases.
This tool performs non-destructive vulnerability testing by:
- Establishing a complete IKEv2 session with EAP-TTLS authentication
- Negotiating encryption keys through Diffie-Hellman key exchange
- Completing the TLS handshake required for EAP-TTLS
- Sending a test AVP (Attribute-Value Pair) with length=1 but no data payload
Sending an AVP header with an invalid length field but no accompanying data triggers the integer underflow for detection purposes, but avoids heap corruption because memcpy(ptr, data, 0) is a no-op. The server remains stable and can continue handling connections.
- Vulnerable servers will accept the malformed AVP and send an EAP-TTLS acknowledgment, confirming the presence of CVE-2026-25075.
- Patched servers (6.0.5+) will reject the malformed AVP due to validation checks introduced in the fix.
- Unaffected servers will fail to perform the EAP-TTLS handshake, in which case the vulnerability is effectively mitigated.
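To make the length check concrete, here is an added example (not code from this repository or from strongSwan) of a hypothetical AVP validator: it shows how a header-only AVP with length=1 wraps to a huge size under unsigned arithmetic when the data length is derived from it, and the lower-bound check that rejects such an AVP before any copy takes place. The AVP layout follows RFC 5281; the validator, helper names and sample values are constructed.

```python
import struct

AVP_HEADER_LEN = 8        # Code(4) + Flags(1) + Length(3)
AVP_FLAG_VENDOR = 0x80    # V bit: a 4-byte Vendor-ID follows the header
UINT32_MASK = 0xFFFFFFFF

def unchecked_data_len(avp_length, header_len=AVP_HEADER_LEN):
    """Emulate a C uint32 'length - header' with no lower-bound check:
    a header-only AVP with length=1 wraps to a huge size instead of failing."""
    return (avp_length - header_len) & UINT32_MASK

def parse_avp(buf, offset=0):
    """Parse one Diameter-style AVP as carried in EAP-TTLS (RFC 5281).
    Hypothetical validator, not strongSwan's code. Returns
    (code, flags, vendor_id, data, next_offset) or raises ValueError."""
    if len(buf) - offset < AVP_HEADER_LEN:
        raise ValueError("truncated AVP header")
    code, flags = struct.unpack_from(">IB", buf, offset)
    length = int.from_bytes(buf[offset + 5:offset + 8], "big")
    header_len = AVP_HEADER_LEN + (4 if flags & AVP_FLAG_VENDOR else 0)
    # Lower bound first: a length below the header size is exactly the case
    # that underflows when the data length is derived as length - header_len.
    if length < header_len:
        raise ValueError(f"AVP length {length} < header length {header_len}")
    if offset + length > len(buf):
        raise ValueError("AVP length exceeds message")
    vendor_id = struct.unpack_from(">I", buf, offset + 8)[0] if flags & AVP_FLAG_VENDOR else None
    data = buf[offset + header_len:offset + length]
    return code, flags, vendor_id, data, offset + ((length + 3) & ~3)  # 4-byte padded

def is_rejected(buf):
    """True when the validator refuses the AVP, as a patched server should."""
    try:
        parse_avp(buf)
        return False
    except ValueError:
        return True

def build_avp(code, data, flags=0x40):
    """Construct a well-formed AVP (M flag set) for the samples below."""
    length = AVP_HEADER_LEN + len(data)
    hdr = struct.pack(">IB", code, flags) + length.to_bytes(3, "big")
    return hdr + data + b"\x00" * (-length % 4)

# Constructed samples: a User-Name AVP (code 1) and the header-only AVP
# with length=1 that the scanner sends as its probe.
GOOD_AVP = build_avp(1, b"alice")
HEADER_ONLY_LEN1 = struct.pack(">IB", 1, 0x40) + (1).to_bytes(3, "big")
```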
git clone https://github.com/BishopFox/CVE-2026-25075-check
cd CVE-2026-25075-check
python3 -m pip install pycryptodome tlslite-ng
Test a strongSwan server at <TARGET>:<PORT>. The default IKE port is 500/UDP.
python3 CVE-2026-25075-check.py <TARGET> [PORT]
$ python3 CVE-2026-25075-check.py 192.168.1.100 500
======================================================================
strongSwan CVE-2026-25075 Vulnerability Scanner
Non-Destructive Detection
======================================================================
[*] Target: 192.168.1.100:500
[*] Testing for CVE-2026-25075 (non-destructive)
[1] IKE_SA_INIT... OK
[2] IKE_AUTH... OK
[3] EAP Identity... OK
[4] TLS handshake... OK
[5] Sending test AVP with length=1 (header only, no data)... SENT
[*] Analyzing server response...
[+] Server sent EAP-TTLS ACK (waiting for more data)
[!] Server accepted AVP with length < 8
[!] Integer underflow vulnerability confirmed
======================================================================
RESULT: VULNERABLE to CVE-2026-25075
Server version likely: 4.5.0 - 6.0.4
Recommendation: Upgrade to strongSwan 6.0.5+
======================================================================
$ python3 CVE-2026-25075-check.py 192.168.1.200 500
======================================================================
strongSwan CVE-2026-25075 Vulnerability Scanner
Non-Destructive Detection
======================================================================
[*] Target: 192.168.1.200:500
[*] Testing for CVE-2026-25075 (non-destructive)
[1] IKE_SA_INIT... OK
[2] IKE_AUTH... OK
[3] EAP Identity... OK
[4] TLS handshake... OK
[5] Sending test AVP with length=1 (header only, no data)... SENT
[*] Analyzing server response...
[!] No response from server
[-] Connection likely closed (AVP rejected)
======================================================================
RESULT: NOT VULNERABLE (or patched)
Server rejected AVP with invalid length
======================================================================
The tool can only detect the vulnerability if the following conditions are met:
- The target is running strongSwan (4.5.0 through 6.0.4 for vulnerable versions)
- The EAP-TTLS plugin is enabled and configured
- The server accepts IKEv2 connections
- The server negotiates EAP-TTLS as an authentication method
If any condition isn't met, the tool will fail gracefully at the corresponding stage and report an INCONCLUSIVE result. For example:
- If EAP-TTLS is not enabled, the tool will report that the server doesn't support this authentication method
- If the server is not strongSwan, the IKE handshake may fail
- If the server is patched (6.0.5+), it will reject the malformed AVP during validation
This code is distributed under an MIT license.
Usage of this tool for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.