On 27 August 2025 we (Internet Systems Consortium) disclosed one
vulnerability affecting our Kea software:
- CVE-2025-40779: Kea crash upon interaction between specific client
options and subnet selection https://kb.isc.org/docs/cve-2025-40779
New versions of Kea are available at the following URLs:
Stable: https://downloads.isc.org/isc/kea/3.0.1/
Development: https://downloads.isc.org/isc/kea/3.1.1/
With the public announcement of these vulnerabilities, the embargo
period is ended and any updated software packages that have been
prepared may be released.
--
Ben Scott <[email protected]>
Support Engineer
Internet Systems Consortium
