CVE-2025-32803 | THREATINT

Description

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

PUBLISHED Reserved 2025-04-10 | Published 2025-05-28 | Updated 2025-05-28 | Assigner isc

MEDIUM: 4.0CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-276 Incorrect Default Permissions

Product status

Default status

unaffected

2.4.0 (custom)

affected

2.6.0 (custom)

affected

2.7.0 (custom)

affected

Credits

ISC would like to thank Matthias Gerstner from the SUSE security team for bringing this vulnerability to our attention.

References

kb.isc.org/docs/cve-2025-32803 (CVE-2025-32803) vendor-advisory

cve.org (CVE-2025-32803)

nvd.nist.gov (CVE-2025-32803)

Download JSON