CVE-2025-62291
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
Published Jan 19, 2026
https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-%28cve-2025-62291%29.html
CVSS Score: 8.1 (High)
Components Impacted
Ecosystem  Package     Version
rpm        strongswan  5.4.0-2.el6
rpm        strongswan  5.5.3-1.el7
rpm        strongswan  5.6.1-2.el7
rpm        strongswan  5.6.3-1.el7
rpm        strongswan  5.7.1-1.el7
rpm        strongswan  5.7.2-1.el7
rpm        strongswan  5.7.2-1.el8
rpm        strongswan  5.7.2-1.epel8.playground
rpm        strongswan  5.8.1-1.epel8.playground
rpm        strongswan  5.8.2-1.epel8.playground
rpm        strongswan  5.8.2-5.el8
rpm        strongswan  5.8.2-5.epel8.playground
rpm        strongswan  5.9.1-1.el8
rpm        strongswan  5.9.10-1.el8
rpm        strongswan  5.9.10-1.el9
rpm        strongswan  5.9.10-2.el8
rpm        strongswan  5.9.10-2.el9
rpm        strongswan  5.9.11-1.el9
rpm        strongswan  5.9.14-5.el10_0
rpm        strongswan  5.9.4-1.el8
rpm        strongswan  5.9.4-2.el8
rpm        strongswan  5.9.4-4.el9
rpm        strongswan  5.9.5-2.el8
rpm        strongswan  5.9.5-2.el9
rpm        strongswan  5.9.5-3.el9
rpm        strongswan  5.9.6-1.el8
rpm        strongswan  5.9.6-1.el9
rpm        strongswan  5.9.8-1.el8
rpm        strongswan  5.9.8-1.el9
rpm        strongswan  5.9.9-2.el8
rpm        strongswan  5.9.9-2.el9