If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem.
This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.
History

Fri, 29 Aug 2025 00:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| References | | |
| Metrics | threat_severity: None | threat_severity: Important |

Thu, 28 Aug 2025 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |

Thu, 28 Aug 2025 07:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Isc; Isc kea |
| Vendors & Products | | Isc; Isc kea |

Wed, 27 Aug 2025 20:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0. |
| Title | | Kea crash upon interaction between specific client options and subnet selection |
| Weaknesses | | CWE-476 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: isc

Published:

Updated: 2025-08-28T14:08:05.935Z

Reserved: 2025-04-16T08:44:49.857Z

Link: CVE-2025-40779

Vulnrichment

Updated: 2025-08-28T14:08:00.526Z

NVD

Status : Awaiting Analysis

Published: 2025-08-27T21:15:54.960

Modified: 2025-08-29T16:24:09.860

Link: CVE-2025-40779

Redhat

Severity : Important

Public Date: 2025-08-27T20:23:29Z

Links: CVE-2025-40779 - Bugzilla

OpenCVE Enrichment

Updated: 2025-08-28T07:40:55Z