Oracle Linux: CVE-2025-32802: ELSA-2025-9178: kea security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:P/A:C) | May 28, 2025 | Jul 10, 2025 | Jul 16, 2025 |
Description
A vulnerability was found in the Kea package. If an attacker has access to a local user account and the Kea API entry points are not secured, the attacker may use the API to modify Kea's configuration files or overwrite any file on the system to which the user running Kea has write access. This may be leveraged to cause a system-wide denial of service or to achieve local privilege escalation. Additionally, if Kea's control sockets are enabled and placed in an insecure location, any local user may impersonate the Kea service and prevent the real Kea service from starting.
Solutions
- oracle-linux-upgrade-kea
- oracle-linux-upgrade-kea-doc
- oracle-linux-upgrade-kea-hooks
- oracle-linux-upgrade-kea-keama
- oracle-linux-upgrade-kea-libs