A newly disclosed vulnerability in the widely used ISC Kea DHCP server poses a significant security risk to network infrastructure worldwide.
The flaw, designated CVE-2025-40779, allows remote attackers to crash DHCP services with just a single maliciously crafted packet, potentially disrupting network operations across entire organizations.
The vulnerability affects multiple versions of the Kea DHCP server, including versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.
Key Takeaways
1. CVE-2025-40779 lets attackers crash Kea DHCPv4 with one crafted unicast packet.
2. Affects Kea 2.7.1–2.7.9, 3.0.0, 3.1.0; CVSS 7.5; no workaround.
3. Upgrade immediately.
Network administrators running these versions face immediate exposure to denial-of-service attacks that require no authentication or special privileges to execute.
Kea DHCP Server DoS Vulnerability
The vulnerability stems from an assertion failure in the kea-dhcp4 process when specific client options interact with the subnet selection mechanism.
When a DHCPv4 client transmits a request containing particular option combinations, and the Kea server fails to locate an appropriate subnet for that client, the service terminates unexpectedly with a fatal assertion error.
The attack vector is notable because only unicast messages sent directly to the Kea server trigger the flaw.
Broadcast DHCP messages, which represent normal network traffic, do not trigger this vulnerability. This specificity suggests that attackers could deliberately target DHCP servers with precisely crafted unicast packets designed to exploit this weakness.
The flaw carries a Common Vulnerability Scoring System (CVSS) score of 7.5, categorizing it as high severity.
The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates that the vulnerability can be exploited remotely with low complexity, requires no privileges or user interaction, and results in high availability impact.
The vulnerability was discovered through collaborative security research, with acknowledgments going to Jochen M., Martin Dinev from Trading212, Ashwani Kumar from the Post Graduate Institute of Medical Education & Research in Chandigarh, India, Bret Giddings from the University of Essex, and Florian Ritterhoff from Munich University of Applied Sciences.
Risk Factors | Details |
Affected Products | Kea 2.7.1 – 2.7.9, 3.0.0, 3.1.0 |
Impact | Denial of Service |
Exploit Prerequisites | Remote unicast DHCPv4 request with specific client option set |
CVSS 3.1 Score | 7.5 (High) |
Mitigations
ISC has released patched versions to address this critical vulnerability. Organizations must immediately upgrade to Kea version 3.0.1 or 3.1.1, depending on their current deployment.
No workarounds exist for this vulnerability, making immediate patching the only viable defense strategy.
Network administrators should prioritize this update, as DHCP services represent critical infrastructure components.
A successful attack could render entire network segments unable to obtain IP addresses, effectively creating widespread connectivity outages.
While ISC reports no known active exploits, the simplicity of the attack vector makes this vulnerability an attractive target for malicious actors seeking to disrupt network operations.
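One way to triage a server inventory against the affected and patched versions listed above, as an added example that is not code from ISC or from the original article. The inventory format, hostnames, version-string suffixes and status labels are assumptions made for illustration.

```python
import re

# Version data taken from the article; everything else here is an assumption.
AFFECTED_RANGE = ((2, 7, 1), (2, 7, 9))   # inclusive range 2.7.1 through 2.7.9
AFFECTED_EXACT = {(3, 0, 0), (3, 1, 0)}
PATCHED = {(3, 0, 1), (3, 1, 1)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract the first x.y.z triple, ignoring packaging suffixes."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(version_text):
    """Return 'affected', 'patched', 'not-listed' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"          # treat as needing manual follow-up
    lo, hi = AFFECTED_RANGE
    if lo <= v <= hi or v in AFFECTED_EXACT:
        return "affected"
    if v in PATCHED:
        return "patched"
    # The article names no other versions, so nothing is claimed about them.
    return "not-listed"

def triage(inventory_text):
    """Inventory lines are 'hostname version-string'; returns {host: status}."""
    result = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(" ")
        result[host] = classify(version)
    return result

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = """\
# host reported-version
dhcp-a 2.7.4
dhcp-b 3.0.0-example1
dhcp-c 3.0.1
dhcp-d 2.6.3
dhcp-e 3.1.0
dhcp-f (no response)
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as `unknown` did not yield a parseable version and need a manual check; `not-listed` means only that the article does not name that version.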