High severity 7.5 · NVD Advisory · Published Oct 29, 2025 · Updated Apr 15, 2026
CVE-2025-11232
Description
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.
Affected products
osv-coords, 9 versions:
- pkg:rpm/almalinux/kea (no CPE), range: < 3.0.1-2.el10_1
- pkg:rpm/almalinux/kea-doc (no CPE), range: < 3.0.1-2.el10_1
- pkg:rpm/almalinux/kea-hooks (no CPE), range: < 3.0.1-2.el10_1
- pkg:rpm/almalinux/kea-keama (no CPE), range: < 3.0.1-2.el10_1
- pkg:rpm/almalinux/kea-libs (no CPE), range: < 3.0.1-2.el10_1
- pkg:rpm/opensuse/kea&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 3.0.3-160000.1.1
- pkg:rpm/opensuse/kea&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.0.2-1.1
- pkg:rpm/suse/kea&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 3.0.3-160000.1.1
- pkg:rpm/suse/kea&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 3.0.3-160000.1.1