Encryption Weakness in Ruijie EG306MG Affecting StrongSwan Configuration
CVE-2025-8763

6.3MEDIUM

Key Information:

Vendor

Ruijie

Status
Eg306mg
Vendor
CVE Published:
9 August 2025

What is CVE-2025-8763?

A vulnerability exists within the Ruijie EG306MG product related to the configuration of strongSwan. Specifically, the manipulation of the argument 'i_dont_care_about_security_and_use_aggressive_mode_psk' within the /etc/strongswan.conf file can lead to sensitive data being transmitted without proper encryption. This situation exposes users to potential data interception and exploitation. The vulnerability can be activated remotely, although the attack complexity is elevated, making exploitation a challenging task. The vendor was informed of this issue but has yet to respond.

Affected Version(s)

EG306MG 3.0(1)B11P309

References

https://vuldb.com/?id.319265
vdb-entrytechnical-description
https://vuldb.com/?ctiid.319265
signaturepermissions-required
https://vuldb.com/?submit.624325
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TPCHECKER (VulDB User)
.
CVE-2025-8763 : Encryption Weakness in Ruijie EG306MG Affecting StrongSwan Configuration