CVE-2025-32802
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | Kea | 2.4.0 <= 2.4.1 | affected |
| ISC | Kea | 2.6.0 <= 2.6.2 | affected |
| ISC | Kea | 2.7.0 <= 2.7.8 | affected |
Weaknesses
- CWE-73: CWE-73 External Control of File Name or Path
- CWE-379: CWE-379 Creation of Temporary File in Directory with Insecure Permissions
Workarounds
Two mitigation approaches are possible: (1) Disable the API entirely, by (1a) disabling the kea-ctrl-agent, and (1b) removing any "control-socket" stanzas from the Kea configuration files; or (2) Secure access to the API by (2a) requiring authentication (a password or client certificate) for the kea-ctrl-agent, and (2b) configuring all "control-socket" stanzas to use a directory restricted to only trusted users.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.