High severity7.5NVD Advisory· Published Aug 27, 2025· Updated Apr 15, 2026
CVE-2025-40779
CVE-2025-40779
Description
If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the kea-dhcp4 process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:deb/debian/isc-kea?arch=sourcepkg:rpm/opensuse/kea&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kea&distro=openSUSE%20Tumbleweed
>= 0+ 2 more
- (no CPE)range: >= 0
- (no CPE)range: < 3.0.1-160000.1.1
- (no CPE)range: < 3.0.1-1.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.