PT-2025-30267 · Recursor+2
Xiang Li · Published 2025-07-21 · Updated 2025-10-07 · CVE-2025-30192
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
versions prior to the updated version
Description
An attacker spoofing responses to ECS-enabled requests sent by the Recursor may succeed. The updated version includes mitigations against spoofing attempts of ECS-enabled queries by chaining ECS-enabled requests and enforcing stricter validation of received responses. The strictest mitigation is enabled when the outgoing.edns_subnet_harden setting is enabled.
Recommendations
Update to the latest version to apply the mitigations.
Enable the outgoing.edns_subnet_harden setting.
Fix
Weakness Enumeration
Insufficient Verification of Data Authenticity
Related Identifiers
Affected Products
Debian
Recursor
Red Os