I've seen here on the forum a case like this, the solution was to export the ipsec configuration into an external text file, remove it on the machine, upgrade the machine and create the ipsec configuration manually again. There was a significant change in the IPsec configuration structure either between 6.42 an 6.43 or between 6.43 and 6.44 so it may be a bit challenging if the latter is true.
Try first what sindy suggests, but it didn't work for me (I'm one of the cases, the one that was able to solve it without netinstalling). Even after having empty ipsec configuration the same CPU loop and not being able to even finish
/ip ipsec export would happen after upgrade.
Also, having a backup in the long term version, resetting to default and restoring the backup didn't work, same results.
What worked for me was to export whole configuration, reset the router to default configuration, upgrade RouterOS and then reconstruct it by hand with from the export script. (I don't remember if I resetted it under the old or the new version, probably better to do it in both versions). Notice that the ipsec commands change between 6.43.16 and 6.44.5, as the commands have changed... user -> identity, etc. So your export needs to be patched by hand to work under 6.44+. Also notice that keys and certificates need also to be taken care in the process.