CVE-2025-32802

CVE-2025-32802

Name

CVE-2025-32802

Description

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vendor-advisory	https://kb.isc.org/docs/cve-2025-32802

Type

URI

vendor-advisory

https://kb.isc.org/docs/cve-2025-32802

Source package	Min version	Max version
kea	>= 2.4.0	<= 2.4.1
kea	>= 2.6.0	<= 2.6.2
kea	>= 2.7.0	<= 2.7.8

CPE URI

Source package

Min version

Max version

kea

>= 2.4.0

<= 2.4.1

kea

>= 2.6.0

<= 2.6.2

kea

>= 2.7.0

<= 2.7.8

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
kea	edge-main	2.6.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
kea	edge-main	2.6.2-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
kea	edge-main	2.6.2-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
kea	edge-main	2.6.1-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
kea	3.22-main	2.6.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
kea	3.21-main	2.6.2-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
kea	3.21-main	2.6.1-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
kea	3.20-main	2.4.1-r2	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
kea	3.19-main	2.4.1-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

kea

edge-main

2.6.3-r0

Jakub Jirutka <jakub@jirutka.cz>

fixed

kea

edge-main