CVE-2025-32803

Published: May 28, 2025Modified: May 29, 2025

4.0

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.5 / Impact: 1.4

Source: security-officer@isc.org (Secondary)

Description

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (1)

https://kb.isc.org/docs/cve-2025-32803

Source: security-officer@isc.org

Timeline

No history available yet.