CVE-2025-32803

Summary

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

Affected Software

VendorProductVersion RangeStatus
ISCKea2.4.0 <= 2.4.1affected
ISCKea2.6.0 <= 2.6.2affected
ISCKea2.7.0 <= 2.7.8affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

Workarounds

It is possible to work around this problem by ensuring that the directories that contain the logs and lease files are only accessible to trusted users.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References