Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-32803
PUBLISHED
More InfoOfficial Page
Assigner-isc
Assigner Org ID-404fd4d2-a609-4245-b543-2c944a302a22
View Known Exploited Vulnerability (KEV) details
Published At-28 May, 2025 | 17:08
Updated At-28 May, 2025 | 17:28
Rejected At-
▼CVE Numbering Authority (CNA)
Insecure file permissions can result in confidential information leakage

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

Affected Products
Vendor
Internet Systems Consortium, Inc.ISC
Product
Kea
Default Status
unaffected
Versions
Affected
  • From 2.4.0 through 2.4.1 (custom)
  • From 2.6.0 through 2.6.2 (custom)
  • From 2.7.0 through 2.7.8 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
Type: CWE
CWE ID: CWE-276
Description: CWE-276 Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
3.14.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
N/AIf an attacker has access to a local unprivileged user account, they would be able to read the logs and/or lease information. This might disclose details about DHCP clients (MAC addresses, hostnames, IP addresses, configuration details, and so on), or about Kea itself.
CAPEC ID: N/A
Description: If an attacker has access to a local unprivileged user account, they would be able to read the logs and/or lease information. This might disclose details about DHCP clients (MAC addresses, hostnames, IP addresses, configuration details, and so on), or about Kea itself.
Solutions

Upgrade to the patched release most closely related to your current version of Kea: 2.4.2, 2.6.3, or 2.7.9.

Configurations
Workarounds

It is possible to work around this problem by ensuring that the directories that contain the logs and lease files are only accessible to trusted users.

Exploits

We are not aware of any active exploits.

Credits
ISC would like to thank Matthias Gerstner from the SUSE security team for bringing this vulnerability to our attention.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.isc.org/docs/cve-2025-32803
vendor-advisory
Hyperlink: https://kb.isc.org/docs/cve-2025-32803
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found