From 1014d74e4b51c777f6cf81db86655fdea0613f61 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 24 Oct 2025 15:22:53 +0200
Subject: [PATCH] NEWS: Add info about CVE-2025-62291

---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/NEWS b/NEWS
index 916f279018..ce3cdd2570 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
 strongswan-6.0.3
 ----------------
 
+- Fixed a vulnerability in the eap-mschapv2 plugin related to processing Failure
+  Request packets on the client that can lead to a heap-based buffer overflow
+  and potentially remote code execution.
+  This vulnerability has been registered as CVE-2025-62291.
+
 - The new `alert` event for vici is raised for certain error conditions.
 
 - Only plugins with matching version number are loaded by programs.
-- 
2.47.3