Kea DHCP Vulnerability Enables Remote Crash Attack

A newly revealed security flaw in the ISC Kea DHCP server has raised serious concerns for organizations worldwide. Tracked as CVE-2025-40779, this vulnerability allows remote attackers to crash DHCPv4 services using a single specially crafted unicast packet, leading to potential large-scale network disruptions.

Key Points

  1. CVE-2025-40779 enables attackers to crash Kea DHCPv4 with a single malicious unicast request.
  2. Affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.
  3. Rated 7.5 (High) under CVSS 3.1, with no workarounds available.
  4. Immediate upgrade is strongly advised.

Technical Details

The flaw arises from an assertion failure in the kea-dhcp4 process. When certain client options interact with the subnet selection mechanism and no matching subnet is found, the service terminates with a fatal error.

The bug is triggered only by packets unicast directly to the server, not by the broadcast requests typical of DHCP. This makes it possible for an attacker to craft a malicious DHCPv4 packet and cause a denial of service (DoS) without authentication or elevated privileges.

Severity and Risk Assessment

  • CVSS Score: 7.5 (High)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Impact: Denial of Service (DoS)
  • Prerequisites: Remote unicast DHCPv4 request with specific client options

This vulnerability does not compromise confidentiality or integrity, but it significantly impacts availability. A successful attack could prevent devices from obtaining IP addresses, effectively disrupting network connectivity across entire organizations.

Affected Versions

  • Kea 2.7.1 – 2.7.9
  • Kea 3.0.0
  • Kea 3.1.0

Credits

The vulnerability was identified through collaborative research efforts. Acknowledgments go to:

  • Jochen M.
  • Martin Dinev (Trading212)
  • Ashwani Kumar (PGIMER Chandigarh, India)
  • Bret Giddings (University of Essex)
  • Florian Ritterhoff (Munich University of Applied Sciences)

Mitigation and Recommendations

There are no temporary workarounds for CVE-2025-40779. ISC has released patched versions (3.0.1 and 3.1.1) that resolve this flaw.

Action Required:

  • Upgrade to Kea 3.0.1 or 3.1.1 immediately.
  • Monitor your DHCP servers for unusual unicast traffic.
  • Treat this update as a priority, since DHCP is a critical network infrastructure service.
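
To prioritise the upgrade across a fleet, the version ranges listed above can be checked against an inventory. The following is an added example, not ISC's code: the hostnames and the "host version" line format are constructed, and any version the advisory does not name is reported as "unlisted" rather than judged either way.

```python
import re

# Version data taken from the advisory text above.
AFFECTED_RANGE = ((2, 7, 1), (2, 7, 9))   # inclusive bounds
AFFECTED_EXACT = {(3, 0, 0), (3, 1, 0)}
FIXED = {(3, 0, 1), (3, 1, 1)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch) for the first x.y.z in text, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Map a Kea version string to affected / fixed / unlisted / unparsed."""
    v = parse_version(version_text)
    if v is None:
        return "unparsed"
    lo, hi = AFFECTED_RANGE
    # Tuple comparison is numeric, so 2.7.10 does not fall inside 2.7.1-2.7.9.
    if v in AFFECTED_EXACT or lo <= v <= hi:
        return "affected"
    if v in FIXED:
        return "fixed"
    return "unlisted"

def audit(inventory_lines):
    """Classify each 'host version' line; blank and '#' lines are skipped."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(" ")
        results[host] = classify(version_text)
    return results

# Constructed sample inventory (hypothetical hosts, assumed line format).
SAMPLE = """\
# host version
dhcp-a.example 2.7.4
dhcp-b.example 3.0.0
dhcp-c.example 3.1.1
dhcp-d.example 2.6.1
dhcp-e.example unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE.splitlines()).items():
        print(f"{host:<18} {status}")
```

Hosts reported as "unlisted" or "unparsed" need a manual check against ISC's advisory.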

Although no active exploits have been reported, the simplicity of the attack makes it highly attractive for malicious actors aiming to disrupt operations.