PT-2025-29825 · Isc · Bind
Published: 2025-07-16 · Updated: 2025-08-01 · CVE-2025-40776
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
BIND 9 versions 9.11.3-S1 through 9.16.50-S1
BIND 9 versions 9.18.11-S1 through 9.18.37-S1
BIND 9 versions 9.20.9-S1 through 9.20.10-S1
Description
A named caching resolver configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue could allow an attacker to manipulate the resolver's cache, potentially leading to redirection or data compromise.
Recommendations
BIND 9 versions 9.11.3-S1 through 9.16.50-S1: Update to a version beyond 9.16.50-S1.
BIND 9 versions 9.18.11-S1 through 9.18.37-S1: Update to a version beyond 9.18.37-S1.
BIND 9 versions 9.20.9-S1 through 9.20.10-S1: Update to a version beyond 9.20.10-S1.
Fix
DoS
Affected Products
Bind