CVE-2025-8763
BaseFortify

Publication date: 2025-08-09

Last updated on: 2025-08-11

Assigner: VulDB

Description
A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-08-09
Last Modified: 2025-08-11
Generated: 2026-05-06
AI Q&A: 2025-08-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
| Vendor | Product | Version / Range |
| --- | --- | --- |
| strongswan | strongswan | * |
| ruijie | eg306mg | 3.0(1)b11p309 |
| CWE ID | Description |
| --- | --- |
| CWE-311 | The product does not encrypt sensitive or critical information before storage or transmission. |
| CWE-310 | Cryptographic Issues |
AI Powered Q&A
How can this vulnerability impact me?

The vulnerability can lead to the compromise of VPN authentication by allowing attackers to perform offline brute-force attacks on the PSK hash transmitted in Aggressive Mode. This results in missing encryption of sensitive or critical information, compromising confidentiality. The attack can be initiated remotely without authentication, but exploitation is considered difficult. There are no known mitigations, and the affected product may need to be replaced to avoid risk. [1, 2]


Can you explain this vulnerability to me?

This vulnerability affects the Ruijie EG306MG device running firmware version 3.0(1)B11P309, specifically the strongSwan VPN configuration file (/etc/strongswan.conf). The issue is caused by the setting 'i_dont_care_about_security_and_use_aggressive_mode_psk' being enabled, which allows IKE Responders to accept IKEv1 Aggressive Mode connections using Pre-Shared Keys (PSK). Aggressive Mode transmits a hash of the PSK openly, enabling attackers to perform offline brute-force attacks against the PSK hash and potentially compromise VPN authentication. This misconfiguration leads to missing encryption of sensitive data, weakening the device's security. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking whether the argument i_dont_care_about_security_and_use_aggressive_mode_psk is present and enabled in the configuration file /etc/strongswan.conf on the Ruijie EG306MG device. A command such as `grep i_dont_care_about_security_and_use_aggressive_mode_psk /etc/strongswan.conf` can be used to detect if this insecure setting is enabled. Additionally, monitoring the network for IKEv1 Aggressive Mode connections using PSK may help identify attempts to exploit this vulnerability. [1]
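
A plain grep for the option name also matches a commented-out line or a line that sets it to `no`, so a check that reads the assigned value is more reliable. The shell function below is an added example, not code from the advisory, the vendor or the strongSwan project; the names `aggressive_psk_state` and `sample_conf` are hypothetical, and it assumes `#` starts a comment, the last assignment wins, and `yes`, `true`, `enabled` and `1` mean enabled.

```shell
#!/bin/sh
# Added example: report whether the aggressive-mode PSK option is actually
# enabled in a strongswan.conf-style file, not merely mentioned in it.
OPT='i_dont_care_about_security_and_use_aggressive_mode_psk'

# Print "enabled", "disabled" or "absent" for the option in file $1.
# Assumptions: '#' starts a comment, the last assignment wins, and the
# truthy values are yes/true/enabled/1. Files pulled in via "include"
# are not followed and must be checked separately.
aggressive_psk_state() {
    awk -v opt="$OPT" '
    {
        sub(/#.*/, "")                       # drop comments
        if (match($0, opt "[ \t]*=[ \t]*\"?[A-Za-z0-9]+")) {
            v = substr($0, RSTART, RLENGTH)
            sub(/^[^=]*=[ \t]*"?/, "", v)    # keep only the value
            v = tolower(v)
            state = (v ~ /^(yes|true|enabled|1)$/) ? "enabled" : "disabled"
        }
    }
    END { print (state == "" ? "absent" : state) }' "$1"
}

# Constructed sample config: a commented-out line that a plain grep would
# also match, followed by the live setting.
sample_conf() {
    cat <<'EOF'
charon {
    # i_dont_care_about_security_and_use_aggressive_mode_psk = no
    i_dont_care_about_security_and_use_aggressive_mode_psk = yes
    load_modular = yes
}
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
echo "sample: $(aggressive_psk_state "$tmp")"
rm -f "$tmp"
# On a device: aggressive_psk_state /etc/strongswan.conf
```
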


What immediate steps should I take to mitigate this vulnerability?

There are no known countermeasures or mitigations currently available for this vulnerability. The advisory suggests considering replacing the affected product with an alternative. Immediate steps include disabling the insecure argument i_dont_care_about_security_and_use_aggressive_mode_psk if possible, avoiding the use of IKEv1 Aggressive Mode with PSK, and monitoring for suspicious activity. Since the vendor has not responded and no patches exist, replacing the device or firmware with a secure alternative is recommended. [2]

