Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

Published: May 28, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-32802
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWEs:

CWE-73
CWE-379

Affected Software
References

No affected software listed.

https://kb.isc.org/docs/cve-2025-32802

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo