CVE-2025-62291

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-01-16

Assigner: MITRE

Description

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-16

Last Modified

2026-01-16

Generated

2026-05-07

EPSS Evaluated

2026-05-05

NVD

CVE-2025-62291

EUVD

EUVD-2026-2870

Affected Vendors & Products

Vendor	Product	Version / Range
strongswan	eap-mschapv2	to 6.0.3 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-191	The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-62291

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart