{"id":"CVE-2025-32801","details":"Kea configuration and API directives can be used to load a malicious hook library.  Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.","modified":"2026-03-28T08:59:14.938178Z","published":"2025-05-28T17:15:23Z","related":["ALSA-2025:9178","SUSE-SU-2026:0907-1","SUSE-SU-2026:1091-1","openSUSE-SU-2025:15181-1"],"references":[{"type":"WEB","url":"https://kb.isc.org/docs/cve-2025-32801"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}