PT-2025-43373 · ISC +9 · BIND +9
Published 2025-10-22 · Updated 2025-12-16 · CVE-2025-40780
CVSS v3.1: 8.6 (High)
Base vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
BIND versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
Description
Due to a weakness in the Pseudo Random Number Generator (PRNG) used by BIND, an attacker can predict the source port and query ID. This can lead to cache poisoning, where malicious DNS responses are injected into the resolver’s cache, potentially causing clients to be redirected to incorrect websites. The vulnerability affects recursive resolvers, while authoritative servers are not impacted. The attack can be performed remotely without user interaction.
Recommendations
Move to a BIND version outside the affected ranges: prior to 9.16.0, or later than 9.16.50, 9.18.39, 9.20.13, 9.21.12, 9.16.50-S1, 9.18.39-S1, or 9.20.13-S1.
Related Identifiers
ALSA-2025:19793
ALSA-2025:19912
ALSA-2025:21034
ALSA-2025:21111
ALT-PU-2025-13369
ALT-PU-2025-13412
BDU:2025-14391
CESA-2025_19793
CVE-2025-40780
DLA-4364-1
DSA-6033-1
INFSA-2025_19793
INFSA-2025_21110
INFSA-2025_21111
MGASA-2025-0254
OESA-2025-2653
OESA-2025-2654
RHSA-2025:19793
RHSA-2025:19912
RHSA-2025:19950
RHSA-2025:19951
RHSA-2025:21034
RHSA-2025:21110
RHSA-2025:21111
RHSA-2025_19793
RHSA-2025_19950
RHSA-2025_19951
RHSA-2025_21110
RHSA-2025_21111
SUSE-SU-2025:4107-1
SUSE-SU-2025:4108-1
SUSE-SU-2025:4109-1
SUSE-SU-2025:4110-1
USN-7836-1
USN-7836-2
Affected Products
ALT Linux
AlmaLinux
BIND
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
References
- https://github.com/nehkark/CVE-2025-40778 · Exploit
- https://errata.almalinux.org/9/ALSA-2025-19950.html · Vendor Advisory
- https://osv.dev/vulnerability/SUSE-SU-2025:4109-1 · Vendor Advisory
- https://cve.org/CVERecord?id=CVE-2025-40780 · Security Note
- https://ubuntu.com/security/CVE-2025-40780 · Vendor Advisory
- https://osv.dev/vulnerability/UBUNTU-CVE-2025-40780 · Vendor Advisory
- https://bdu.fstec.ru/vul/2025-14391 · Security Note
- https://security-tracker.debian.org/tracker/DLA-4364-1 · Vendor Advisory
- https://errata.almalinux.org/10/ALSA-2025-19912.html · Vendor Advisory
- https://osv.dev/vulnerability/BELL-CVE-2025-40780 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40780 · Security Note
- https://ubuntu.com/security/CVE-2025-8677 · Vendor Advisory
- https://security-tracker.debian.org/tracker/CVE-2025-40780 · Vendor Advisory
- https://advisories.mageia.org/MGASA-2025-0254.html · Security Note
- https://osv.dev/vulnerability/SUSE-SU-2025:4108-1 · Vendor Advisory