CVE-2025-32801 log

Source
Severity High
Remote No
Type Privilege escalation
Description
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.

If an attacker has access to a local unprivileged user account, and the Kea API entry points are not secured, the attacker can instruct Kea to load a hook library from an arbitrary local file (including a file introduced by the attacker). The malicious hook would execute with the privileges available to Kea.
Group Package Affected Fixed Severity Status Ticket
AVG-2886 kea 2.6.2-1 High Vulnerable
References
https://kb.isc.org/docs/cve-2025-32801