Key information

CVE ID: CVE-2025-32803
Title: Insecure file permissions can result in confidential information leakage
Published: 28 May 2025
Program affected: Kea
Versions affected:
- Kea:
  - 2.4.0 -> 2.4.1
  - 2.6.0 -> 2.6.2
  - 2.7.0 -> 2.7.8
  - (Versions prior to 2.4.0 were not assessed.)
- End-of-life versions are likely also affected but have not been tested.
Severity: Medium
Exploitable: Locally
Description: In some cases, Kea log files or lease files may be world-readable.
Impact: If an attacker has access to a local unprivileged user account, they would be able to read the logs and/or lease information. This might disclose details about DHCP clients (MAC addresses, hostnames, IP addresses, configuration details, and so on), or about Kea itself.
CVSS score: 4.0
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Solution: Upgrade to the patched release most closely related to your current version of Kea:
- 2.4.2
- 2.6.3
- 2.7.9
Workarounds: It is possible to work around this problem by ensuring that the directories that contain the logs and lease files are only accessible to trusted users.
Active exploits: We are not aware of any active exploits.
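
The workaround above, as an added shell example (not part of the advisory and not Kea's own tooling): it lists anything under a given directory that grants access to "other" users and, with `--fix`, strips that access. The directory is passed as an argument because the advisory does not name the log or lease paths; the function names and the `--fix` switch are hypothetical.

```shell
#!/bin/sh
# Added example: audit (and optionally tighten) a directory that holds
# Kea logs or lease files. Paths are arguments; none is assumed here.

# Print each file or directory under $1 (including $1) that grants any
# read, write or execute bit to "other" users.
list_world_accessible() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Strip all "other" access from $1 and its contents. Owner and group bits
# are untouched, so the account that runs Kea keeps its access.
restrict_to_trusted() {
    chmod -R o-rwx "$1"
}

# Succeed only if nothing under $1 is accessible to "other".
is_restricted() {
    [ -z "$(list_world_accessible "$1")" ]
}

# Usage: sh check_perms.sh [--fix] DIR...
if [ "$#" -gt 0 ]; then
    fix=0
    if [ "$1" = "--fix" ]; then
        fix=1
        shift
    fi
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "skip: $dir is not a directory" >&2
            continue
        fi
        if [ "$fix" -eq 1 ]; then
            restrict_to_trusted "$dir"
        fi
        if is_restricted "$dir"; then
            echo "OK: $dir"
        else
            echo "EXPOSED: $dir"
            list_world_accessible "$dir"
        fi
    done
fi
```

Once the directory itself carries no "other" bits, files created in it later cannot be reached by other local users by path, even if those files are created with permissive modes.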