CVE-2025-5994

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Unbound (affected versions not specified)

Description A multi-vendor cache poisoning vulnerability, named 'Rebirthday Attack', has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is vulnerable when compiled with ECS support (i.e., '--enable-subnet') and configured to send ECS information to upstream name servers (i.e., at least one of the 'send-client-subnet', 'client-subnet-zone', or 'client-subnet-always-forward' options is used). This allows malicious actors to potentially match DNS transaction IDs and cache poisonous replies.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-349

Related Identifiers

ALSA-2025:11849

ALSA-2025:11884

ALSA-2025:12064

ALT-PU-2025-9880

ALT-PU-2025-9884

ALT-PU-2025-9991

BDU:2025-12600

CESA-2025_11884

CVE-2025-5994

DLA-4280-1

DSA-5987-1

INFSA-2025_11849

INFSA-2025_11884

OESA-2025-1974

OPENSUSE-SU-2025:15435-1

RHSA-2025:11849

RHSA-2025:11884

RHSA-2025:12064

RHSA-2025:12416

RHSA-2025:12520

RHSA-2025:12523

RHSA-2025:12929

RHSA-2025:13575

RHSA-2025:13576

RHSA-2025:13577

RHSA-2025_11849

RHSA-2025_11884

USN-7666-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Linuxmint

Red Hat

Red Os

Rocky Linux

Ubuntu

Unbound

CVE-2025-5994

Weakness Enumeration

Related Identifiers

Affected Products

References · 50