vulnerability
Red Hat: CVE-2025-32802: kea: Insecure handling of file paths allows multiple local attacks (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:P/A:C) | May 28, 2025 | Jan 27, 2026 | Jan 27, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:P/A:C)
Published
May 28, 2025
Added
Jan 27, 2026
Modified
Jan 27, 2026
Description
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.
This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
Solutions
redhat-upgrade-kearedhat-upgrade-kea-debuginforedhat-upgrade-kea-debugsourceredhat-upgrade-kea-docredhat-upgrade-kea-hooksredhat-upgrade-kea-hooks-debuginforedhat-upgrade-kea-keamaredhat-upgrade-kea-keama-debuginforedhat-upgrade-kea-libsredhat-upgrade-kea-libs-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.