On 28 May 2025 we (Internet Systems Consortium) disclosed three vulnerabilities affecting our Kea software:

- CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation
  https://kb.isc.org/docs/cve-2025-32801
- CVE-2025-32802: Insecure handling of file paths allows multiple local attacks
  https://kb.isc.org/docs/cve-2025-32802
- CVE-2025-32803: Insecure file permissions can result in confidential information leakage
  https://kb.isc.org/docs/cve-2025-32803

New versions of Kea are available from https://www.isc.org/downloads

- https://downloads.isc.org/isc/kea/2.4.2/
- https://downloads.isc.org/isc/kea/2.6.3/
- https://downloads.isc.org/isc/kea/2.7.9/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.
