CVE-2025-24356

fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast reconnect" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is roughly 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the internet, this amplification of UDP traffic might be used to facilitate a Distributed Denial of Service attack. This vulnerability is fixed in v23.
Configurations

Configuration 1

cpe:2.3:a:fastd_project:fastd:*:*:*:*:*:*:*:*

History

27 Aug 2025, 02:15

| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/neocturne/fastd/commit/1f233bee76b722c0b3f9024f2c39c72e9f7e5843 - | () https://github.com/neocturne/fastd/commit/1f233bee76b722c0b3f9024f2c39c72e9f7e5843 - Patch |
| References | () https://github.com/neocturne/fastd/commit/3940150e801d0c91460491bec32cbcc5bbc89d5f - | () https://github.com/neocturne/fastd/commit/3940150e801d0c91460491bec32cbcc5bbc89d5f - Patch |
| References | () https://github.com/neocturne/fastd/commit/5f63fcfc18ae9cad023fa463b152d5e14192b5a8 - | () https://github.com/neocturne/fastd/commit/5f63fcfc18ae9cad023fa463b152d5e14192b5a8 - Patch |
| References | () https://github.com/neocturne/fastd/commit/9df7e516378441d2d17b89f9db5c27c8312d8f12 - | () https://github.com/neocturne/fastd/commit/9df7e516378441d2d17b89f9db5c27c8312d8f12 - Patch |
| References | () https://github.com/neocturne/fastd/commit/c1a07b3f2b9066c3713c68547da700b85d60f4f7 - | () https://github.com/neocturne/fastd/commit/c1a07b3f2b9066c3713c68547da700b85d60f4f7 - Patch |
| References | () https://github.com/neocturne/fastd/commit/ce1b79b12dbfa796743b5f3a50789ade965b7023 - | () https://github.com/neocturne/fastd/commit/ce1b79b12dbfa796743b5f3a50789ade965b7023 - Patch |
| References | () https://github.com/neocturne/fastd/commit/d03a0a17347efb5293e42fde7d982781e90f14ef - | () https://github.com/neocturne/fastd/commit/d03a0a17347efb5293e42fde7d982781e90f14ef - Patch |
| References | () https://github.com/neocturne/fastd/security/advisories/GHSA-pggg-vpfv-4rcv - | () https://github.com/neocturne/fastd/security/advisories/GHSA-pggg-vpfv-4rcv - Patch, Vendor Advisory, Mitigation |
| First Time | | Fastd Project fastd, Fastd Project |
| CPE | | cpe:2.3:a:fastd_project:fastd:*:*:*:*:*:*:*:* |
| Summary | | (es) fastd is a VPN daemon that tunnels IP packets and Ethernet frames over UDP. On receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and will initiate a reconnect by sending a handshake packet. This "fast reconnect" avoids having to wait for the session timeout to expire (up to ~90 s) before a new connection is established. Even a 1-byte UDP packet containing only the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is approximately 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the Internet, this amplification of UDP traffic could be used to facilitate a distributed denial-of-service attack. This vulnerability was fixed in v23. |
| CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 7.5 |

27 Jan 2025, 18:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2025-01-27 18:15

Updated : 2025-08-27 02:15


NVD link : CVE-2025-24356

Mitre link : CVE-2025-24356

CVE.ORG link : CVE-2025-24356



Products Affected

fastd_project

  • fastd
CWE
CWE-405

Asymmetric Resource Consumption (Amplification)