PT-2026-1913 · Coredns+1

Published: 2026-01-08 · Updated: 2026-05-21 · CVE-2025-68151

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: CoreDNS versions prior to 1.14.0

Description: CoreDNS is a DNS server that utilizes plugins. Several CoreDNS server implementations, including gRPC, HTTPS, and HTTP/3, do not have sufficient resource limits. An unauthenticated remote attacker can deplete memory and disrupt or crash the server by establishing numerous concurrent connections, streams, or sending excessively large request bodies. This issue shares similarities with CVE-2025-47950 but impacts additional server types that do not enforce limits on connections, streams, or message sizes.

Recommendations: Update to version 1.14.0 or later.
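
The missing limits named in the description, shown from the defensive side as an added example (this is not CoreDNS code and not the 1.14.0 patch): a DNS-over-HTTPS style handler that bounds in-flight requests and request body size. `limitedDoH`, `postStatus`, the `/dns-query` path and the in-flight cap of 2 are assumptions made for illustration; 65535 bytes is the DNS wire-format maximum.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxDNSMessage is the largest DNS message the wire format allows (16-bit length field).
const maxDNSMessage = 65535

// limitedDoH (hypothetical helper) wraps a resolver callback with two bounds:
// at most maxInFlight requests are handled at once, and bodies stop at maxDNSMessage bytes.
func limitedDoH(maxInFlight int, next func(msg []byte) []byte) http.Handler {
	slots := make(chan struct{}, maxInFlight)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		select {
		case slots <- struct{}{}: // a slot is free: take it until this request ends
			defer func() { <-slots }()
		default: // all slots busy: shed load instead of queueing unbounded work
			http.Error(w, "server busy", http.StatusServiceUnavailable)
			return
		}
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxDNSMessage))
		if err != nil { // body exceeded the cap (or the read failed): nothing more is buffered
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		w.Header().Set("Content-Type", "application/dns-message")
		w.Write(next(body))
	})
}

// postStatus sends a constructed n-byte body to h and returns the HTTP status code.
func postStatus(h http.Handler, n int) int {
	req := httptest.NewRequest(http.MethodPost, "/dns-query", strings.NewReader(strings.Repeat("A", n)))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := limitedDoH(2, func(msg []byte) []byte { return msg }) // echo stands in for a resolver
	fmt.Println(postStatus(h, 512), postStatus(h, maxDNSMessage+1))
}
```

A handler-level cap covers only request bodies and concurrent requests; limits on connections and streams are set on the listener and the HTTP/2, HTTP/3 or gRPC server itself.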

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

AZL-73850
AZL-74025
BDU:2026-03630
CLEANSTART-2026-VJ54611
CVE-2025-68151
GHSA-527X-5WRF-22M2
GO-2026-4289
SUSE-SU-2026:0142-1

Affected Products

Coredns
Red Os