PT-2025-23106 · Isc+2 · Kea+2
Published: 2025-05-28 · Updated: 2026-03-26 · CVE-2025-32803
CVSS v3.1: 4.0 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Kea versions 2.4.0 through 2.4.1
Kea versions 2.6.0 through 2.6.2
Kea versions 2.7.0 through 2.7.8
Description
In some cases, Kea log files or lease files may be world-readable.
Recommendations
For Kea versions 2.4.0 through 2.4.1, update to a version outside of this range to mitigate the risk.
For Kea versions 2.6.0 through 2.6.2, update to a version outside of this range to mitigate the risk.
For Kea versions 2.7.0 through 2.7.8, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to the log files and lease files to minimize the risk of exploitation.
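The temporary workaround above, as an added example (not from the advisory or the Kea project): a POSIX shell script that lists files readable by "other" under operator-supplied directories and removes that access. The directory arguments are assumptions; pass the log and lease directories configured on your own system.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on Kea log and lease files.
# Directories are given by the operator; no install path is assumed here.

# Print every regular file under the given directories that "other" can read.
list_world_readable() {
    for dir in "$@"; do
        [ -d "$dir" ] || { echo "skip: $dir is not a directory" >&2; continue; }
        find "$dir" -type f -perm -0004 -print
    done
}

# Number of world-readable files, for use as a monitoring check.
count_world_readable() {
    list_world_readable "$@" | wc -l | tr -d ' '
}

# Remove all "other" permission bits from exposed files and from the
# directories themselves, so local unprivileged users cannot read them.
restrict_world_access() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -perm -0004 -exec chmod o-rwx {} +
        chmod o-rwx "$dir"
    done
}

# Usage: script audit DIR...   (exit 1 if anything is exposed)
#        script fix DIR...     (apply the workaround, then re-audit)
case "${1:-}" in
    audit)
        shift
        list_world_readable "$@"
        [ "$(count_world_readable "$@")" = "0" ] || exit 1
        ;;
    fix)
        shift
        restrict_world_access "$@"
        list_world_readable "$@"
        [ "$(count_world_readable "$@")" = "0" ] || exit 1
        ;;
esac
```

chmod only changes files that already exist, so run the audit mode again after log rotation or any other event that creates new files.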
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Kea
Red Os