CVE-2025-32803: 
Rocky Linux vulnerability analysis and mitigation

CVE-2025-32803 is a vulnerability in Kea DHCP server software that allows world-readable access to log files and lease files. The vulnerability was discovered and disclosed on May 28, 2025, affecting Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. The issue stems from incorrect default permissions being set on Kea log files and lease files (ISC KB, Wiz).

The vulnerability is classified as CWE-276 (Incorrect Default Permissions) and has been assigned a CVSS v3.1 base score of 4.0 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that local access is required with low attack complexity and no privileges or user interaction needed (ISC KB, Wiz).

If exploited, the vulnerability could allow an attacker with access to a local unprivileged user account to read logs and lease information. This could expose sensitive details about DHCP clients including MAC addresses, hostnames, IP addresses, and configuration details, as well as information about the Kea server itself (ISC KB, Wiz).

As a temporary workaround, administrators can ensure that directories containing logs and lease files are only accessible to trusted users. For a permanent fix, ISC recommends upgrading to patched versions: 2.4.2, 2.6.3, or 2.7.9 (ISC KB, Wiz).

The vulnerability was responsibly disclosed by Matthias Gerstner from the SUSE security team to ISC. During the assessment period before public disclosure, the initial CVSS score was adjusted from 7.3 to 4.0, reflecting a more accurate assessment of the vulnerability's impact (Openwall).