CVE-2025-32802
Publication date 28 May 2025
Last updated 30 May 2025
Ubuntu priority
CVSS 3 severity score
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
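As an added example (not part of this advisory or of Kea's own code), the Python script below checks a Kea version string against the affected upstream ranges listed above and flags control sockets whose parent directory is group- or world-writable. It assumes a comment-free JSON configuration and treats every `socket-name` value as a control socket path; the function names and the sample configuration are constructed for illustration.

```python
import json
import os
import re
import stat

# Affected upstream ranges (inclusive), as stated in the advisory text.
AFFECTED = [((2, 4, 0), (2, 4, 1)), ((2, 6, 0), (2, 6, 2)), ((2, 7, 0), (2, 7, 8))]


def is_affected(version):
    """True if the leading x.y.z of a version string is in an affected range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(g) for g in m.groups())
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def socket_names(node):
    """Yield every string under a "socket-name" key (assumed: a control socket)."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "socket-name" and isinstance(val, str):
                yield val
            else:
                yield from socket_names(val)
    elif isinstance(node, list):
        for item in node:
            yield from socket_names(item)


def insecure_socket_paths(config_text):
    """Return socket paths whose parent directory is group- or world-writable."""
    findings = []
    for path in socket_names(json.loads(config_text)):
        parent = os.path.dirname(path) or "."
        try:
            mode = os.stat(parent).st_mode
        except FileNotFoundError:
            continue  # directory absent on this host, nothing to assess
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(path)
    return findings


if __name__ == "__main__":
    # Constructed sample configuration, not taken from a real deployment.
    sample = '{"Dhcp4": {"control-socket": {"socket-type": "unix", "socket-name": "/tmp/kea4-ctrl-socket"}}}'
    print("2.6.2 affected:", is_affected("2.6.2"))
    print("sockets in writable directories:", insecure_socket_paths(sample))
```

The version check compares upstream version numbers only, so a distribution package that carries a backported fix still needs the status table for its release.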
Status
Package | Ubuntu Release | Status |
---|---|---|
isc-kea | 25.04 plucky | Needs evaluation |
isc-kea | 24.10 oracular | Needs evaluation |
isc-kea | 24.04 LTS noble | Needs evaluation |
isc-kea | 22.04 LTS jammy | Needs evaluation |
isc-kea | 20.04 LTS focal | Needs evaluation |
isc-kea | 18.04 LTS bionic | Needs evaluation |
isc-kea | 16.04 LTS xenial | Needs evaluation |
Notes
mdeslaur
The changes in the new version are massive and restrict configuration and data files to a specific directory set at build time. This may introduce a regression in stable releases depending on how existing installations are configured.
On Debian and Ubuntu on noble+, the daemons are run as non-root, and are protected by AppArmor. These hardening measures mitigate this vulnerability. In addition, access to the RESTful API is restricted to authenticated users.
AppArmor profile was introduced in (2.2.0-3) (noble+).
RESTful API restriction was introduced in (2.2.0-8) (noble+).
Severity score breakdown
Parameter | Value |
---|---|
Base score | |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | Low |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |