SUSE StrongSwan Integer Underflow Vulnerability Leads to File Access Risk

suse
April 21, 2026
Update for strongswan resolves important vulnerabilities related to file access and integer underflow in SUSE.
An update that solves two vulnerabilities can now be installed.

Summary

This update for strongswan fixes the following issues:

Update to strongswan 6.0.4:

* CVE-2025-9615: NetworkManager File Access (bsc#1257359).

* CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472).

Changes for strongswan:

* Fixed a vulnerability in the NetworkManager plugin that potentially allows using credentials of other local users. This vulnerability has been registered as CVE-2025-9615.

* The maximum supported length for section names in swanctl.conf has been increased to the upper limit of 256 characters that's enforced by VICI.

* Prevent a crash if a confused peer rekeys a Child SA twice before sending a delete.

* Fixed a memory leak if a peer's self-signed certificate is untrusted.

Patch Instructions:

References

* bsc#1257359

* bsc#1259472

Cross-References

* CVE-2025-9615

* CVE-2026-25075

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2026-25075 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-25075 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-25075 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-25075 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0

Severity
important

Announcement ID: SUSE-SU-2026:21203-1
Release Date: 2026-04-16T09:06:50Z
Rating: important
