- Description
- Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
- Source
- security-officer@isc.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-officer@isc.org
- CWE-94
- Hype score
- Not currently trending
CVE-2025-32801 (CVSS:7.8, HIGH) is Awaiting Analysis. Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea a..https://t.co/sgYtT4lzmB #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
2 Jun 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CVE-2025-32801: Local privilege escalation flaw found in #ISC #Kea #DHCP server. Malicious hook libraries can be used for full root access. Patch now. Details 👉 https://t.co/OT4IRU5sSC #cybersecurity #infosec
@threatsbank
29 May 2025
31 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-32801 🔴 HIGH (7.8) 🏢 ISC - Kea 🏗️ 2.4.0 🔗 https://t.co/DFu74DOlsc #CyberCron #VulnAlert #InfoSec https://t.co/8fPSziwNaw
@cybercronai
29 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32801 Remote Code Execution via Malicious Hook Library in ISC Kea DHCP Server https://t.co/5KHgipJpxF
@VulmonFeeds
28 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32801 Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured b… https://t.co/njjsnjuMs8
@CVEnew
28 May 2025
153 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes