CVE-2025-32802

Summary

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

Affected Software

VendorProductVersion RangeStatus
ISCKea2.4.0 <= 2.4.1affected
ISCKea2.6.0 <= 2.6.2affected
ISCKea2.7.0 <= 2.7.8affected

Weaknesses

  • CWE-73: CWE-73 External Control of File Name or Path
  • CWE-379: CWE-379 Creation of Temporary File in Directory with Insecure Permissions

Workarounds

Two mitigation approaches are possible: (1) Disable the API entirely, by (1a) disabling the kea-ctrl-agent, and (1b) removing any &#34;control-socket&#34; stanzas from the Kea configuration files; or (2) Secure access to the API by (2a) requiring authentication (a password or client certificate) for the kea-ctrl-agent, and (2b) configuring all &#34;control-socket&#34; stanzas to use a directory restricted to only trusted users.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References