CVE-2025-32802

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-32802

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32802.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-32802

Downstream

ALPINE-CVE-2025-32802

DEBIAN-CVE-2025-32802

RHSA-2025:9178

RLSA-2025:9178

SUSE-SU-2026:0907-1

SUSE-SU-2026:1091-1

UBUNTU-CVE-2025-32802

openSUSE-SU-2025:15181-1

Related

Published

2025-05-28T17:15:23Z

Modified

2026-03-28T08:59:15.228013Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

[none]

Details

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

References

https://kb.isc.org/docs/cve-2025-32802

Affected packages