Kea DHCP Server Vulnerability: Remote Attackers Can Crash the System with a Single Malicious Packet
A newly disclosed vulnerability in the widely used ISC Kea DHCP server, designated CVE-2025-40779, poses a significant security risk to network infrastructure globally. The flaw allows a remote attacker to crash the DHCP service with a single maliciously crafted packet, potentially disrupting operations across an entire organisation. It affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0. Key takeaways: CVE-2025-40779 lets an attacker crash kea-dhcp4 with one crafted unicast packet, it carries a CVSS score of 7.5, and no workaround is available. Network administrators running the affected versions are immediately exposed to denial-of-service attacks that require no authentication or special privileges.
The vulnerability arises from an assertion failure in the kea-dhcp4 process when specific client options interact with the subnet selection mechanism. When a DHCPv4 client sends a request containing a particular combination of options, the server may fail to locate an appropriate subnet, and a fatal assertion error then terminates the service unexpectedly. The attack vector is notable in that only unicast messages sent directly to the Kea server trigger the flaw; broadcast DHCP messages do not. The Common Vulnerability Scoring System (CVSS) rates the flaw as high severity, with a score of 7.5. ISC has released patched versions, and organisations must upgrade to Kea 3.0.1 or 3.1.1 immediately, as no workarounds exist. Given how central DHCP is to network operation, administrators should prioritise this update.
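As an added fleet-audit helper (not ISC's code and not from the advisory), the following classifies a Kea version string against the affected and fixed releases named above and recommends the fixed release on the same branch. It assumes `kea-dhcp4 -v` prints a line containing an X.Y.Z version; versions the advisory does not mention are reported as "not-listed" rather than guessed at.

```python
"""Classify a Kea DHCP version against the CVE-2025-40779 ranges given in the advisory."""
import re
import subprocess
from typing import NamedTuple, Optional


class Assessment(NamedTuple):
    version: str     # normalised X.Y.Z
    status: str      # "affected", "fixed", or "not-listed"
    upgrade_to: str  # recommended fixed release, empty if no action is needed


# Affected development range, inclusive: 2.7.1 through 2.7.9.
AFFECTED_DEV = ((2, 7, 1), (2, 7, 9))
# First fixed release on each affected stable branch: 3.0.1 and 3.1.1.
FIRST_FIXED = {(3, 0): (3, 0, 1), (3, 1): (3, 1, 1)}


def parse_version(text: str) -> tuple:
    """Extract the first X.Y.Z triple from a version string or `kea-dhcp4 -v` output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no X.Y.Z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(text: str) -> Assessment:
    """Map a version to affected / fixed / not-listed per the advisory's version list."""
    v = parse_version(text)
    label = ".".join(map(str, v))
    if AFFECTED_DEV[0] <= v <= AFFECTED_DEV[1]:
        # 2.7.x is a development series; the advisory's fixed releases are 3.0.1 and 3.1.1.
        return Assessment(label, "affected", "3.0.1 or 3.1.1")
    fixed = FIRST_FIXED.get(v[:2])
    if fixed is not None:
        if v < fixed:  # 3.0.0 or 3.1.0
            return Assessment(label, "affected", ".".join(map(str, fixed)))
        return Assessment(label, "fixed", "")
    return Assessment(label, "not-listed", "")


def assess_installed() -> Optional[Assessment]:
    """Assumption: `kea-dhcp4 -v` prints the version. Returns None if the binary is absent."""
    try:
        out = subprocess.run(["kea-dhcp4", "-v"], capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return assess(out.stdout or out.stderr)
```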
Categories: Vulnerability, Denial of Service, Mitigation
Tags: Vulnerability, ISC, Kea, DHCP, CVE-2025-40779, Denial of Service, Unicast, Patch, Upgrade, Network