CVE-2025-8763: Missing Encryption of Sensitive Data in Ruijie EG306MG

Severity: Medium
Published: Sat Aug 09 2025 (08/09/2025, 18:02:05 UTC)
Source: CVE Database V5
Vendor/Project: Ruijie
Product: EG306MG

Description

A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 08/10/2025, 00:34:20 UTC

Technical Analysis

CVE-2025-8763 is a medium-severity vulnerability affecting the Ruijie EG306MG network device, specifically version 3.0(1)B11P309. The issue arises from improper handling of the /etc/strongswan.conf file, a configuration file used by the strongSwan IPsec implementation. The vulnerability is triggered by manipulation of the configuration argument named 'i_dont_care_about_security_and_use_aggressive_mode_psk', which results in sensitive data not being encrypted as expected. This missing encryption flaw could expose critical information such as pre-shared keys or other confidential configuration parameters. The vulnerability can be exploited remotely without authentication or user interaction, but the attack complexity is high and exploitation is considered difficult. The vendor Ruijie has not responded to disclosure attempts, and no patches or mitigations have been published yet. The CVSS 4.0 base score is 6.3, reflecting a medium severity with network attack vector, high attack complexity, and no privileges or user interaction required. The impact is limited to confidentiality (low impact), with no effect on integrity or availability. No known exploits are currently in the wild. This vulnerability highlights a critical misconfiguration or design flaw in the encryption handling of strongSwan within the affected Ruijie device firmware, potentially exposing sensitive VPN or network security credentials to remote attackers.

Potential Impact

For European organizations using Ruijie EG306MG devices, particularly in environments relying on IPsec VPNs or secure network tunnels, this vulnerability could lead to exposure of sensitive cryptographic material such as pre-shared keys. This exposure undermines the confidentiality of VPN communications and could allow attackers to decrypt or intercept sensitive traffic, leading to potential data breaches or unauthorized network access. Although exploitation is difficult and requires high complexity, the remote attack vector and lack of authentication increase the risk surface. Organizations in sectors with stringent data protection requirements (e.g., finance, healthcare, government) could face compliance issues or reputational damage if sensitive data is compromised. The absence of vendor response and patches further elevates risk, as affected devices remain vulnerable. However, the limited impact on integrity and availability means operational disruption or data manipulation is unlikely. Overall, the threat is significant for organizations relying on Ruijie EG306MG devices for secure communications, especially where strongSwan is used for VPN services.

Mitigation Recommendations

Given the lack of vendor patches, European organizations should take immediate steps to mitigate risk. First, audit all Ruijie EG306MG devices to identify affected firmware versions (3.0(1)B11P309). Disable or avoid using the 'aggressive mode' with pre-shared keys in strongSwan configurations, as this mode is implicated in the vulnerability. Where possible, switch to more secure authentication methods such as certificate-based IPsec authentication. Implement network segmentation and strict firewall rules to limit remote access to management interfaces and VPN endpoints on these devices. Monitor network traffic for unusual activity that could indicate attempts to exploit this vulnerability. Consider deploying intrusion detection systems tuned for strongSwan or IPsec anomalies. If feasible, replace vulnerable devices with alternative hardware from vendors with active security support. Maintain close monitoring of Ruijie communications for any forthcoming patches or advisories. Finally, ensure that all sensitive cryptographic keys are rotated regularly to reduce exposure duration.
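
A configuration check for the audit step above, as an added example (not code from this advisory, Ruijie or the strongSwan project): it parses the nested section syntax of a strongswan.conf file and reports every path where the flag is set to a value strongSwan reads as boolean true. The sample configs are constructed; `include` lines are not followed and section references are not resolved, which are simplifying assumptions.

```python
import re

FLAG = "i_dont_care_about_security_and_use_aggressive_mode_psk"
TRUTHY = {"1", "yes", "true", "enabled"}  # strings strongSwan treats as boolean true
# Tokens: quoted string, newline, brace, '=', or a bare word.
TOKEN = re.compile(r'"(?:[^"\\\n]|\\.)*"|\n|[{}=]|[^\s{}="#]+')
COMMENT = re.compile(r'("(?:[^"\\\n]|\\.)*")|#[^\n]*')
PUNCT = ("{", "}", "=", "\n")

def parse_settings(text):
    """Flatten strongswan.conf-style nested sections into {dotted.path: value}."""
    text = COMMENT.sub(lambda m: m.group(1) or "", text)  # drop comments, keep quoted '#'
    tokens = TOKEN.findall(text)
    settings, stack, i = {}, [], 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = next((t for t in tokens[i + 1:] if t != "\n"), None)
        if tok == "}":
            if stack:
                stack.pop()                       # leave the current section
        elif tok not in PUNCT and nxt == "{":
            stack.append(tok)                     # "name {" opens a section
        elif tok not in PUNCT and tokens[i + 1:i + 2] == ["="]:
            j = i + 2                             # value runs to end of line or '}'
            while j < len(tokens) and tokens[j] not in ("\n", "}"):
                j += 1
            settings[".".join(stack + [tok])] = " ".join(tokens[i + 2:j]).strip('"')
            i = j - 1
        i += 1
    return settings

def audit(text):
    """Return dotted paths where the aggressive-mode PSK override is switched on."""
    return sorted(path for path, value in parse_settings(text).items()
                  if path.split(".")[-1] == FLAG and value.lower() in TRUTHY)

# Constructed sample configs (assumption: not taken from a real device).
WEAK = """
charon {
    # responder accepts IKEv1 aggressive mode with pre-shared keys
    i_dont_care_about_security_and_use_aggressive_mode_psk = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
"""
HARDENED = WEAK.replace("mode_psk = yes", "mode_psk = no")

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "flag not enabled")
```

An empty result means the flag is absent, commented out, or set to a false value in the text that was scanned; files pulled in through `include` need to be scanned separately.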

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-08T15:42:24.217Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6897e8eaad5a09ad000f48e7

Added to database: 8/10/2025, 12:33:46 AM

Last enriched: 8/10/2025, 12:34:20 AM

Last updated: 8/11/2025, 12:33:50 AM
