CVE-2025-32803

NameCVE-2025-32803
DescriptionIn some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1106737

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
isc-kea (PTS)bookworm2.2.0-6vulnerable
sid, trixie2.6.1-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
isc-keasource(unstable)(unfixed)1106737

Notes

https://kb.isc.org/docs/cve-2025-32803
https://www.openwall.com/lists/oss-security/2025/05/28/8

Search for package or bug name: Reporting problems