Unexpected Exit Vulnerability in Kea DHCP Server from ISC
CVE-2025-11232

7.5HIGH

Key Information:

Vendor: Isc
Status: Kea
Vendor: CVE Published:; 29 October 2025

Badges

👾 Exploit Exists

What is CVE-2025-11232?

The vulnerability allows for an unexpected exit of the Kea DHCP server when specific configuration parameters are set incorrectly. If the "hostname-char-set" uses the default value of "[^A-Za-z0-9.-]", the "hostname-char-replacement" is left empty, and the "ddns-qualifying-suffix" is set to a non-empty value, certain client requests can trigger this issue. Notably, DDNS updates do not need to be enabled for the vulnerability to present itself, impacting the stability of the server.

Affected Version(s)

Kea 3.0.1

Kea 3.1.1 <= 3.1.2

Kea 2.6.0

References

https://kb.isc.org/docs/cve-2025-11232

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Oct 29, 2025
Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Oct 1, 2025

Credit

ISC would like to thank Siniša Uskoković and Ralf Steuer from Vienna University of Economics and Business for bringing this vulnerability to our attention.

JSON

Isc

Badges

What is CVE-2025-11232?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit