CVE-2025-32801 - Kea DHCP 2.6.x (x< 3)

Started by Ametite, May 29, 2025, 09:34:17 AM

May 29, 2025, 09:34:17 AM Last Edit: May 29, 2025, 09:42:27 AM by Ametite
Good morning, everyone. I apologize if this is not the correct section; I'm relatively new here.
This morning, I received a CVE report from our cybersecurity agency regarding a CVE on Kea DHCP. I checked the packet version in OPNsense, and it appears to be affected in the latest available version of OPNsense.

https://www.acn.gov.it/portale/en/w/aggiornamenti-di-sicurezza-per-prodotti-isc

https://www.cve.org/CVERecord?id=CVE-2025-32801

This is just a report :)

Quote from: Ametite on May 29, 2025, 09:34:17 AM
Good morning, everyone. I apologize if this is not the correct section; I'm relatively new here.
This morning, I received a CVE report from our cybersecurity agency regarding a CVE on Kea DHCP. I checked the packet version in OPNsense, and it appears to be affected in the latest available version of OPNsense.

https://www.acn.gov.it/portale/en/w/aggiornamenti-di-sicurezza-per-prodotti-isc

https://www.cve.org/CVERecord?id=CVE-2025-32801

This is just a report :)

Thanks for sharing! I have reviewed this CVE and found that the current Kea DHCP version on OPNsense is affected. Luckily, this is just a report, so we can still plan to patch soon. Has anyone tried to update, or does anyone have a workaround?

It's a firewall appliance. Nobody who is not already a firewall administrator has access to Kea configuration or API. This CVE is irrelevant in our context.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)