CVE-2025-32803 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
In some cases, Kea log files or lease files may be world-readable.

If an attacker has access to a local unprivileged user account, they would be able to read the logs and/or lease information. This might disclose details about DHCP clients (MAC addresses, hostnames, IP addresses, configuration details, and so on), or about Kea itself.
Group Package Affected Fixed Severity Status Ticket
AVG-2886 kea 2.6.2-1 High Vulnerable
References
https://kb.isc.org/docs/cve-2025-32803