{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T04:42:17.603","vulnerabilities":[{"cve":{"id":"CVE-2025-32801","sourceIdentifier":"security-officer@isc.org","published":"2025-05-28T17:15:23.710","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kea configuration and API directives can be used to load a malicious hook library.  Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8."},{"lang":"es","value":"La configuración de Kea y las directivas de la API pueden usarse para cargar una librería de ganchos maliciosa. Muchas configuraciones comunes ejecutan Kea como root, dejan los puntos de entrada de la API sin protección por defecto o ubican los sockets de control en rutas inseguras. Este problema afecta a las versiones de Kea 2.4.0 a 2.4.1, 2.6.0 a 2.6.2 y 2.7.0 a 2.7.8."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://kb.isc.org/docs/cve-2025-32801","source":"security-officer@isc.org"}]}}]}