- Description
- NLnet Labs Unbound up to and including version 1.24.2 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.
- Source
- sep@nlnetlabs.nl
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 5.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- sep@nlnetlabs.nl
- CWE-349
- Hype score
- Not currently trending
【自分用メモ】2025年10月に公開されたキャッシュポイズニング脆弱性の論文が出た。まだ読んでいない。 CVE-2025-40778(BIND)、CVE-2025-11411(Unbound)、CVE-2025-59023(PowerDNS Recursor) Should I Trust You? Rethinking the Princip
@OrangeMorishita
16 Feb 2026
1203 Impressions
4 Retweets
9 Likes
9 Bookmarks
1 Reply
3 Quotes
【メールマガジン(FROM JPRS)】最新号を掲載しました。 通常号 vol.1224「「Unboundの脆弱性情報について(CVE-2025-11411)」など https://t.co/9kMwtHaz4d
@JPRS_official
8 Dec 2025
507 Impressions
2 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
Just published a deep dive on the new #Fedora 42 security advisory (FEDORA-2025-38b1c0f3b5). It patches CVE-2025-11411 in the Unbound DNS resolver. Read more: 👉 https://t.co/UVS4FKDmuI #Security https://t.co/YZqOgvqpMK
@Cezar_H_Linux
2 Dec 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【注意喚起】Unboundの脆弱性情報が公開されました(CVE-2025-11411) https://t.co/vCarleEX2o
@JPRS_official
1 Dec 2025
2914 Impressions
7 Retweets
22 Likes
3 Bookmarks
0 Replies
2 Quotes
CVE-2025-11411 Unbound 脆弱性は「移転インジェクション」 に分類されるものだと理解した。 対策は Auth. Sec. や Add. Sec. を捨てるというものらしい。 (つまり、危険性を認識するのに10年近くかかったことになる。)
@beyondDNS
15 Nov 2025
220 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
Just published: A detailed analysis of the critical #Mageia Linux Unbound vulnerability (CVE-2025-11411). Read more: 👉 https://t.co/bCdEG1B3lF #Security https://t.co/dJJt4ywCUu
@Cezar_H_Linux
13 Nov 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【メールマガジン(FROM JPRS)】最新号を掲載しました。 通常号 vol.1219「Unboundの脆弱性情報について(CVE-2025-11411)、他1件」など https://t.co/FxrIEFY4Jd
@JPRS_official
4 Nov 2025
179 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Unboundの脆弱性情報が公開されました(CVE-2025-11411) https://t.co/Zq7Emyryo2 #%E6%8A%80%E8%A1%93%E7%B3%BB-%E8%B3%87%E6%96%99 #feedly
@likecoffee
28 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【注意喚起】Unboundの脆弱性情報が公開されました(CVE-2025-11411) https://t.co/NfVQvFZhoM
@JPRS_official
27 Oct 2025
1990 Impressions
9 Retweets
11 Likes
3 Bookmarks
0 Replies
1 Quote
Unbound 1.24.1 released This security release fixes CVE-2025-11411. https://t.co/Zzf5SvyCh3
@beyondDNS
23 Oct 2025
676 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-11411 NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in t… https://t.co/vCyYd6BAbs
@CVEnew
22 Oct 2025
183 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes