PT-2025-29825 · ISC · BIND
Published: 2025-07-16 · Updated: 2025-07-16 · CVE-2025-40776
CVSS v3.1: 8.6
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Severity: High
Name of the Vulnerable Software and Affected Versions:
BIND versions 9.11.3-S1 through 9.16.50-S1
BIND versions 9.18.11-S1 through 9.18.37-S1
BIND versions 9.20.9-S1 through 9.20.10-S1
Description:
A `named` caching resolver configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. ECS is a DNS extension that allows clients to provide their subnet information to DNS resolvers.
Recommendations:
Update BIND to a version later than 9.16.50-S1.
Update BIND to a version later than 9.18.37-S1.
Update BIND to a version later than 9.20.10-S1.
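A version check against the ranges listed above, as an added example (not code from this advisory or from ISC). It assumes the input is the version line printed by `named -v`, that only `-S` builds are in scope because those are the only ones this page lists, and that versions order numerically including the `-S` number; the sample strings are constructed.

```python
import re

# Affected ranges exactly as listed on this page (inclusive bounds).
AFFECTED_RANGES = [
    ("9.11.3-S1", "9.16.50-S1"),
    ("9.18.11-S1", "9.18.37-S1"),
    ("9.20.9-S1", "9.20.10-S1"),
]

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-S(\d+))?")


def parse_version(text):
    """Return (major, minor, patch, s_release) or None if no version is found.

    s_release is None for builds without the -S suffix.
    """
    match = VERSION_RE.search(text)
    if not match:
        return None
    major, minor, patch, s_release = match.groups()
    return (int(major), int(minor), int(patch),
            int(s_release) if s_release else None)


def classify(version_line):
    """Return (status, upper_bound) for one `named -v` style line.

    status is "affected", "not-listed" or "unparseable"; upper_bound is the
    last affected version of the matching range (update to something later).
    """
    version = parse_version(version_line)
    if version is None:
        return ("unparseable", None)
    if version[3] is None:
        # Assumption: builds without -S are outside the ranges on this page.
        return ("not-listed", None)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= version <= parse_version(high):
            return ("affected", high)
    return ("not-listed", None)


if __name__ == "__main__":
    # Constructed sample lines, not captured from a real host.
    for line in ["BIND 9.18.37-S1 (constructed sample)",
                 "BIND 9.18.38-S1 (constructed sample)",
                 "BIND 9.20.10 (constructed sample)"]:
        print(line, "->", classify(line))
```

"not-listed" means only that the version falls outside the ranges on this page, not that the build has been verified as fixed.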