Medium severity6.1NVD Advisory· Published May 28, 2025· Updated Apr 15, 2026

CVE-2025-32802

Description

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.isc.org/docs/cve-2025-32802nvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000