CVE-2025-8763: Missing Encryption of Sensitive Data in Ruijie EG306MG

Medium
Published: Sat Aug 09 2025 (08/09/2025, 18:02:05 UTC)
Source: CVE Database V5
Vendor/Project: Ruijie
Product: EG306MG

Description

A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 08/17/2025, 00:59:28 UTC

Technical Analysis

CVE-2025-8763 is a vulnerability identified in the Ruijie EG306MG device running firmware version 3.0(1)B11P309. The issue arises from improper handling of the /etc/strongswan.conf configuration file, specifically related to the manipulation of the argument named i_dont_care_about_security_and_use_aggressive_mode_psk. This parameter appears to control the use of aggressive mode with a pre-shared key (PSK) in strongSwan, an IPsec implementation used for VPN connections. The vulnerability results in missing encryption of sensitive data, meaning that certain critical information that should be protected by encryption is instead exposed in plaintext or insufficiently protected. The attack vector is remote, indicating that an attacker does not require physical access to the device to exploit this flaw. However, the attack complexity is rated as high, and exploitation is considered difficult, suggesting that successful exploitation requires advanced skills or specific conditions. No authentication or user interaction is needed, but the vulnerability only impacts the confidentiality of data (VC:L), with no impact on integrity or availability. The vendor Ruijie has not responded to disclosure attempts, and no patches or mitigations have been released at the time of publication. The CVSS v4.0 score is 6.3 (medium severity), reflecting the moderate risk posed by this vulnerability. No known exploits are currently in the wild. The vulnerability affects a specific firmware version of the EG306MG device, which is a network appliance likely used in enterprise or service provider environments for VPN or secure communications.

Potential Impact

For European organizations, the impact of CVE-2025-8763 could be significant in environments where Ruijie EG306MG devices are deployed, particularly in VPN infrastructures relying on strongSwan for secure communications. The missing encryption of sensitive data could lead to exposure of confidential information such as VPN credentials, session keys, or configuration details, potentially allowing attackers to intercept or decrypt VPN traffic. This compromises confidentiality and could facilitate further network intrusion or data exfiltration. Although exploitation is difficult, the remote attack vector means that attackers could attempt to leverage this vulnerability without physical access, increasing the risk surface. European organizations in sectors with high security requirements—such as finance, government, healthcare, and critical infrastructure—may face increased risks if these devices are part of their network security architecture. The lack of vendor response and absence of patches exacerbate the risk, as organizations cannot rely on official fixes and must implement compensating controls. Additionally, exposure of sensitive VPN data could violate European data protection regulations like GDPR if personal or sensitive data is compromised, leading to legal and reputational consequences.

Mitigation Recommendations

Given the absence of vendor patches, European organizations should take proactive and specific steps to mitigate this vulnerability:

1) Immediately audit network environments to identify any Ruijie EG306MG devices running the affected firmware version 3.0(1)B11P309.
2) Disable or avoid using aggressive mode with pre-shared keys in strongSwan configurations on these devices, as this is the root cause of the missing encryption. Instead, configure strongSwan to use more secure modes such as main mode with certificate-based authentication.
3) Restrict remote management and access to the affected devices by implementing strict firewall rules, VPN access controls, and network segmentation to limit exposure to untrusted networks.
4) Monitor network traffic for unusual or unauthorized access attempts targeting these devices, using intrusion detection/prevention systems (IDS/IPS) and security information and event management (SIEM) tools.
5) Consider replacing or upgrading affected devices to newer models or firmware versions once patches become available or if alternative secure solutions exist.
6) Educate network administrators about the risks of using aggressive mode PSK and enforce secure VPN configuration policies.
7) If possible, implement additional encryption layers or endpoint security measures to protect sensitive data in transit and at rest.

These targeted mitigations go beyond generic advice by focusing on the specific vulnerable configuration and device context.
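An added example (not code from this advisory, Ruijie or the strongSwan project) for the configuration audit described above: it parses the text of a strongswan.conf, including nested sections, and reports every place where i_dont_care_about_security_and_use_aggressive_mode_psk is set to a true value. The sample configurations and function names are constructed for illustration; included files are not followed, and an absent option is treated as off, which is strongSwan's default.

```python
import re

OPTION = "i_dont_care_about_security_and_use_aggressive_mode_psk"
TRUE_VALUES = {"1", "yes", "true", "enabled"}  # strings strongSwan reads as boolean true

# Constructed sample configurations, not taken from a real device.
WEAK_CONF = """
charon {
    load_modular = yes
    # allow legacy peers
    i_dont_care_about_security_and_use_aggressive_mode_psk = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
"""
HARDENED_CONF = """
charon {
    load_modular = yes
    i_dont_care_about_security_and_use_aggressive_mode_psk = no
}
"""

# Tokens: "name {" opens a section, "}" closes one, "key = value" is a setting.
TOKEN = re.compile(r'([\w.-]+)\s*\{|\}|([\w.-]+)\s*=\s*("[^"]*"|[^\s{}]*)')

def flatten(text):
    """Return {dotted.path: value} for each setting; include files are not followed."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments so disabled lines do not count
    settings, stack = {}, []
    for section, key, value in (m.groups() for m in TOKEN.finditer(text)):
        if section:
            stack.append(section)
        elif key:
            settings[".".join(stack + [key])] = value.strip('"')
        elif stack:
            stack.pop()
    return settings

def aggressive_psk_enabled(text):
    """List the dotted paths where the option is set to a true value."""
    return [path for path, value in flatten(text).items()
            if path.rsplit(".", 1)[-1] == OPTION and value.lower() in TRUE_VALUES]

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        hits = aggressive_psk_enabled(conf)
        print(name, "FAIL: " + ", ".join(hits) if hits else "ok (option absent or off)")
```

A non-empty result means the daemon section named in the path accepts IKEv1 aggressive mode with a pre-shared key and should be changed as described in step 2.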

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-08T15:42:24.217Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6897e8eaad5a09ad000f48e7

Added to database: 8/10/2025, 12:33:46 AM

Last enriched: 8/17/2025, 12:59:28 AM

Last updated: 9/20/2025, 3:17:39 PM
