6 matches found
CVE-2025-40779
A vulnerability was found in Kea. When an attacker who is an existing client with an assigned IP sends a crafted unicast packet directly to the server's IP and Kea cannot find any subnets that match that client's credentials, the server crashes, causing a Denial of Service via assertion/NULL-path...
Linux Distros Unpatched Vulnerability : CVE-2025-32801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points...
CVE-2025-32803
CVE-2025-32803 affects ISC Kea log/lease files that can be world-readable. Affected Kea versions: 2.4.0–2.4.1, 2.6.0–2.6.2, 2.7.0–2.7.8. The CVE is categorized with LOCAL attack vector, low confidentiality impact, and no exploitation details provided in the initial documents. Connected advisories...
CVE-2025-32803 Insecure file permissions can result in confidential information leakage
In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8...
CVE-2025-32802
CVE-2025-32802 affects the Kea DHCP server. The issue arises from insecure handling of configuration and API directives, allowing an attacker to overwrite arbitrary files depending on the Kea process permissions. Affected versions include 2.4.0–2.4.1, 2.6.0–2.6.2, and 2.7.0–2.7.8. The vulnerabili...
CVE-2025-32801 Loading a malicious hook library can lead to local privilege escalation
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...