Kea DHCP Server Vulnerability Lets Remote Attackers Crash It With a Single Crafted Packet

A newly disclosed vulnerability in the widely used ISC Kea DHCP server poses a significant security risk to network infrastructure worldwide. The flaw, designated CVE-2025-40779, allows remote attackers to crash DHCP services with just a single maliciously crafted packet, potentially disrupting network operations across entire organizations.

The vulnerability stems from an assertion failure in the kea-dhcp4 process when specific client options interact with the subnet selection mechanism. When a DHCPv4 client transmits a request containing particular option combinations, and the Kea server fails to locate an appropriate subnet for that client, the service terminates unexpectedly with a fatal assertion error.

The attack vector is particularly concerning because the flaw is triggered only by unicast messages sent directly to the Kea server. Broadcast DHCP messages, which represent normal network traffic, do not trigger this vulnerability. This specificity suggests that attackers could deliberately target DHCP servers with precisely crafted unicast packets designed to exploit this weakness.
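As an added example (not from the advisory or from ISC's code), the following Python triages UDP/67 datagrams seen at the server by the two conditions described above: the packet was delivered by unicast to the server, and no configured subnet matches the client. The server address, the subnet list, the sample packets and the simplified matching order (giaddr, then ciaddr, then source address) are assumptions made for illustration.

```python
import ipaddress

# Assumed deployment values, constructed for this example (not from the advisory).
SERVER_IP = ipaddress.ip_address("192.0.2.10")
CONFIGURED_SUBNETS = [ipaddress.ip_network(n)
                      for n in ("192.0.2.0/24", "198.51.100.0/24")]

def make_payload(ciaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Constructed 236-byte BOOTP header with only the address fields set."""
    buf = bytearray(236)
    buf[0] = 1                                        # op = BOOTREQUEST
    buf[12:16] = ipaddress.ip_address(ciaddr).packed  # ciaddr field
    buf[24:28] = ipaddress.ip_address(giaddr).packed  # giaddr field
    return bytes(buf)

def classify(src_ip, dst_ip, payload):
    """Classify one UDP/67 datagram as seen on the server's interface."""
    if ipaddress.ip_address(dst_ip) != SERVER_IP:
        return "broadcast-or-other"      # not unicast to the server
    if len(payload) < 236:
        return "malformed"               # too short for the fixed BOOTP header
    ciaddr = ipaddress.ip_address(payload[12:16])
    giaddr = ipaddress.ip_address(payload[24:28])
    # Simplified stand-in for subnet selection (assumption): try the relay
    # address, then the client address, then the packet's source address.
    candidates = [a for a in (giaddr, ciaddr, ipaddress.ip_address(src_ip))
                  if not a.is_unspecified]
    if any(a in net for a in candidates for net in CONFIGURED_SUBNETS):
        return "unicast-known-subnet"
    return "unicast-no-subnet"           # both conditions from the text hold

# Constructed sample traffic: (source IP, destination IP, DHCP payload).
SAMPLES = [
    ("0.0.0.0", "255.255.255.255", make_payload()),                  # discover
    ("192.0.2.55", "192.0.2.10", make_payload(ciaddr="192.0.2.55")), # renewal
    ("203.0.113.1", "192.0.2.10", make_payload(giaddr="198.51.100.1")),  # relay
    ("203.0.113.7", "192.0.2.10", make_payload()),                   # unknown
]

def triage(samples=SAMPLES):
    """Return the sources whose packets warrant review or an ACL entry."""
    return [src for src, dst, data in samples
            if classify(src, dst, data) == "unicast-no-subnet"]

if __name__ == "__main__":
    for src, dst, data in SAMPLES:
        print(f"{src:>12} -> {dst:<15} {classify(src, dst, data)}")
    print("review:", triage())
```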

To read the complete article, see: Kea DHCP Server Vulnerability

This post is licensed under CC BY 4.0 by the author.