CVE-2025-58063

Name of the Vulnerable Software and Affected Versions: CoreDNS versions 1.2.0 through 1.12.3

Description: CoreDNS, a DNS server that chains plugins, contains a TTL confusion vulnerability within the etcd plugin. This flaw arises from the incorrect use of lease IDs as TTL values, potentially enabling DNS cache pinning attacks. Specifically, the TTL() function in plugin/etcd/etcd.go casts etcd lease IDs (64-bit integers) to uint32, resulting in excessively large TTLs when the lease ID is large. This allows attackers to pin DNS cache entries for extended periods, leading to a denial of service for DNS resolution of affected services. An attacker with etcd write access can exploit this by writing or updating a key with any lease, causing downstream resolvers and clients to cache answers for years.

Recommendations: CoreDNS versions prior to 1.12.4 are affected. Update to CoreDNS version 1.12.4 or later to resolve this issue.