CVE-2025-32801
Description
Kea DHCP server's configuration and API can load arbitrary hook libraries, enabling local privilege escalation from an unprivileged user to root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Description
The Kea DHCP server allows loading hook libraries through configuration directives and API commands. In many common deployments, Kea runs as root, leaves API entry points unsecured by default, or places control sockets in insecure paths. This design flaw enables an attacker with local unprivileged access to instruct Kea to load a malicious hook library from an arbitrary file [1].
Exploitation
Prerequisites
An attacker must have access to a local unprivileged user account on the system. Additionally, the Kea API entry points must not be secured—either because authentication is disabled or control sockets are placed in world-writable directories. Under these conditions, the attacker can send API commands to load a hook library they control [1].
Impact
The malicious hook library executes with the privileges of the Kea process, which is often root. This results in full compromise of the system's confidentiality, integrity, and availability. The vulnerability has a CVSS v3 score of 7.8 (High) [1].
Mitigation
ISC has released patched versions: 2.4.2, 2.6.3, and 2.7.9. As a workaround, administrators can disable the Kea API entirely or secure it by requiring authentication and restricting control socket directories to trusted users. No active exploits have been reported [1].
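The two workaround conditions above (a control socket directory that untrusted users cannot write to, and an API that requires authentication) can be checked on a host with the following audit helper. It is an added example, not ISC's code; the paths, the default service user name `kea` and the textual check for an `"authentication"` block are assumptions.

```shell
# Audit helper added here as an example; it is not ISC's code. It checks the
# two workaround conditions described above: the Kea control socket directory
# must not be writable by untrusted users, and the kea-ctrl-agent config must
# declare an "authentication" block. All paths and user names are assumptions.

# kea_socket_dir_ok DIR [SERVICE_USER]
# Returns 0 when DIR exists, is owned by root or SERVICE_USER (default: kea)
# and is not world-writable; otherwise prints the reason and returns 1.
kea_socket_dir_ok() {
    dir=$1
    svc_user=${2:-kea}
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist"
        return 1
    fi
    # Octal mode and owner name; GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%OLp' "$dir")
    owner=$(stat -c '%U' "$dir" 2>/dev/null || stat -f '%Su' "$dir")
    # The last octal digit holds the "other" bits; bit value 2 is write.
    other=${mode#"${mode%?}"}
    if [ $((other & 2)) -ne 0 ]; then
        echo "FAIL: $dir (mode $mode) is world-writable: any local user can place a socket there"
        return 1
    fi
    if [ "$owner" != root ] && [ "$owner" != "$svc_user" ]; then
        echo "FAIL: $dir is owned by $owner, not root or $svc_user"
        return 1
    fi
    echo "OK: $dir (mode $mode, owner $owner)"
}

# kea_ctrl_agent_auth_ok CONFIG_FILE
# Returns 0 when the JSON config contains an "authentication" block. This is a
# textual check only; it does not verify that the credentials are strong.
kea_ctrl_agent_auth_ok() {
    if grep -q '"authentication"' "$1"; then
        echo "OK: $1 declares API authentication"
        return 0
    fi
    echo "FAIL: $1 has no \"authentication\" block; the API accepts unauthenticated commands"
    return 1
}

# Example invocation with paths assumed to be the distribution defaults:
#   kea_socket_dir_ok /run/kea kea
#   kea_ctrl_agent_auth_ok /etc/kea/kea-ctrl-agent.conf
```

A sticky-bit directory such as `/tmp` (mode 1777) still fails the first check, since any local user can create a socket there.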
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Seven package coordinates (OSV), each with its fixed-version range:
- pkg:rpm/almalinux/kea-doc: < 2.6.3-1.el10_0
- pkg:rpm/opensuse/kea (openSUSE Leap 15.6): < 2.6.3-150600.13.6.1
- pkg:rpm/opensuse/kea (openSUSE Tumbleweed): < 2.6.3-1.1
- pkg:rpm/suse/kea (SUSE Linux Enterprise Module for Basesystem 15 SP7): < 2.6.3-150700.3.3.5
- pkg:rpm/suse/kea (SUSE Linux Enterprise Module for Server Applications 15 SP7): < 2.6.3-150700.3.3.5
- pkg:rpm/suse/kea (SUSE Linux Enterprise Server 15 SP6-LTSS): < 2.6.3-150600.13.6.1
- pkg:rpm/suse/kea (SUSE Linux Enterprise Server for SAP Applications 15 SP6): < 2.6.3-150600.13.6.1
No CPE identifiers are recorded for these entries.
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.