Vulnerability in eap-mschapv2 Plugin (CVE-2025-62291)
A vulnerability in the eap-mschapv2 plugin, related to processing Failure Request packets on the client, was fixed. An incorrect length check can cause an integer underflow, which could lead to a heap-based buffer overflow and possibly remote code execution. All strongSwan versions since 4.2.12 are affected.
More information is provided in a separate blog entry.
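As an added illustration of the bug class described above (example code written for this page, not strongSwan's own; the plugin's actual check is not shown here), the C below reconstructs how an unsigned length subtraction on a Failure Request packet can underflow, next to a bounded check. The 4-byte MS-CHAPv2 header layout follows the EAP-MSCHAPv2 draft; the packet type and sample packets are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* EAP-MSCHAPv2 Failure Request body after the EAP header (layout per the
 * EAP-MSCHAPv2 draft): OpCode(1) | MS-CHAPv2-ID(1) | MS-Length(2) | Message.
 * MS-Length covers these four bytes plus the "E=... M=..." message. */
#define MSCHAPV2_HDR_LEN 4

typedef struct {            /* hypothetical byte-range type for this example */
    const uint8_t *ptr;
    size_t len;
} pkt_t;

#define MS_LENGTH(p) ((uint16_t)(((p).ptr[2] << 8) | (p).ptr[3]))
/* Bug pattern: only the bytes actually received are checked, then the message
 * length is derived by subtracting the fixed header from the peer-supplied
 * MS-Length. An MS-Length below 4 underflows the unsigned subtraction, so a
 * caller that sizes its copy with the result overruns its heap buffer. */
static int failure_msg_len_vulnerable(pkt_t pkt, size_t *msg_len)
{
    if (pkt.len < MSCHAPV2_HDR_LEN) return -1;
    *msg_len = (size_t)MS_LENGTH(pkt) - MSCHAPV2_HDR_LEN;  /* underflows */
    return 0;
}

/* Hardened: bound the advertised length from below (header) and above (bytes
 * received) before subtracting, so msg_len never exceeds pkt.len - 4. */
static int failure_msg_len_fixed(pkt_t pkt, size_t *msg_len)
{
    if (pkt.len < MSCHAPV2_HDR_LEN) return -1;
    uint16_t len = MS_LENGTH(pkt);
    if (len < MSCHAPV2_HDR_LEN || len > pkt.len) return -1;
    *msg_len = len - MSCHAPV2_HDR_LEN;
    return 0;
}

/* Copies the message into a fresh heap buffer using the bounded check and
 * returns NULL for a malformed packet instead of trusting the peer. Caller frees. */
static char *copy_failure_message(pkt_t pkt)
{
    size_t n;
    if (failure_msg_len_fixed(pkt, &n) != 0) return NULL;
    char *msg = malloc(n + 1);
    if (!msg) return NULL;
    memcpy(msg, pkt.ptr + MSCHAPV2_HDR_LEN, n);
    msg[n] = '\0';
    return msg;
}
```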
New Event for Alerts via VICI
The new alert event for VICI is raised for certain error conditions. It provides a convenient alternative to the error-notify plugin for VICI clients.
When using the Python VICI bindings, the new EventListener class offers decorators that can simplify listening for events.
Referencing On-Device Certificates in Managed Profiles
Managed VPN profiles in the Android app may now reference certificates/private keys already installed on the managed device as an alternative to distributing a PKCS#12 file with the profile. The MDM has to grant the app permission to access the certificate/key with that alias.
If neither a certificate nor an alias is distributed with the managed profile, users may now also select a local, user-selectable certificate when editing the managed profile (they are prompted to do so if no certificate is configured yet when they try to connect). This user action grants permission to the app explicitly (as it does for unmanaged profiles).
Other Notable Features and Fixes
- Daemons and utilities only load plugins with a matching version number to avoid all sorts of issues if plugins of previous builds are loaded that were not uninstalled. When writing your own plugin, the PLUGIN_DEFINE() macro may be used to define the required constant.
- Fall back to the IKE identity if the client does not provide an EAP-Identity. This restores compatibility with implementations like the native Android client that send an empty EAP-Identity, which worked before 6.0.2, where the empty identity was simply ignored.
- Initiated IKE SAs tracked by the controller (if initiated manually or via start action) or the trap-manager (if initiated via acquire) are now migrated if the SA is redirected during IKE_AUTH (which creates a new IKE SA object). This allows tracking the progress of the initiation properly.
- The openssl plugin now supports Ed25519 via AWS-LC. It also loads EdDSA keys from PKCS#12 containers.
- Improved the detection of already unwrapped CKA_EC_POINTs in the pkcs11 plugin, because the previous check could cause false positives that resulted in mangled EC points.
- Fixed a typo in the managed configuration description XML of the Android app that prevented split-tunneling settings from getting applied.