ISC has disclosed one vulnerability in Kea (CVE-2025-40779)

[Ben Scott <bscott () isc org>]

On 27 August 2025 we (Internet Systems Consortium) disclosed one 
vulnerability affecting our Kea software:

- CVE-2025-40779: Kea crash upon interaction between specific client 
options and subnet selection https://kb.isc.org/docs/cve-2025-40779

New versions of Kea are available at the following URLs:

Stable: https://downloads.isc.org/isc/kea/3.0.1/

Development: https://downloads.isc.org/isc/kea/3.1.1/

With the public announcement of these vulnerabilities, the embargo 
period is ended and any updated software packages that have been 
prepared may be released.

--
Ben Scott <bscott () isc org>
Support Engineer
Internet Systems Consortium