Looking at the CVE history, first "LTS" release 3.0.0 was quickly replaced by 3.0.1

https://kb.isc.org/docs/cve-2025-40779

"CVE-2025-40779: Kea crash upon interaction between specific client options and subnet selection"

https://github.com/isc-projects/kea/commit/0afd42b5dfb2e547b...

unprotected null pointer use, kea is in C++