CVE-2025-32801

{"id": "CVE-2025-32801", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-officer@isc.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-05-28T17:15:23.710", "references": [{"url": "https://kb.isc.org/docs/cve-2025-32801", "source": "security-officer@isc.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-officer@isc.org", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8."}, {"lang": "es", "value": "La configuraci\u00f3n de Kea y las directivas de la API pueden usarse para cargar una librer\u00eda de ganchos maliciosa. Muchas configuraciones comunes ejecutan Kea como root, dejan los puntos de entrada de la API sin protecci\u00f3n por defecto o ubican los sockets de control en rutas inseguras. Este problema afecta a las versiones de Kea 2.4.0 a 2.4.1, 2.6.0 a 2.6.2 y 2.7.0 a 2.7.8."}], "lastModified": "2025-05-29T14:29:50.247", "sourceIdentifier": "security-officer@isc.org"}