Vulnerability in ISC Kea

CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control so…

EPSS: 0.000 (13.0th percentile).

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H.

Affected products

  • ISC Kea — versions 2.4.0, 2.6.0, 2.7.0

Frequently asked questions

What is CVE-2025-32802?

CVE-2025-32802 is a medium-severity vulnerability in ISC Kea, classified under External Control of File Name or Path. CVSS score: 6.1/10. Published 2025-05-28.

How severe is CVE-2025-32802?

Medium severity. The CVSS v3 base score is 6.1 out of 10.