AI description
CVE-2025-11411 is a vulnerability affecting NLnet Labs Unbound DNS resolver versions up to and including 1.24.2. It stems from Unbound's acceptance of extraneous, untrusted NS RRSets (Name Server Resource Record Sets) found in the authority section of DNS responses. These NS RRSets are typically used to update a resolver's delegation information for a DNS zone. The vulnerability can be exploited by attackers who inject malicious NS RRSets and associated address records into DNS replies, potentially through spoofed packets or fragmentation attacks. Unbound may then incorrectly update its cached delegation information, treating the injected NS RRSets as trusted in-zone data. This can lead to domain hijacking attacks. Unbound version 1.24.1 includes a fix that mitigates the possible poisoning effect by scrubbing unsolicited NS RRSets and their respective address records from replies. Version 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets from YXDOMAIN and non-referral nodata replies.
- Description: NLnet Labs Unbound up to and including version 1.24.2 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers into updating their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done, for example, by trying to spoof a packet or through fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has, since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies, mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.
- Source: sep@nlnetlabs.nl
- NVD status: Awaiting Analysis
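
A simplified model of the scrubbing described above, added here as an illustration and not taken from Unbound's source. The reply layout and the functions `is_referral` and `scrub_unsolicited_ns` are hypothetical, and all names and addresses are constructed sample data.

```python
# Added illustration: a simplified model of the scrubbing idea, not Unbound's code.
# A reply is a dict holding rcode, the AA flag and three sections of
# (owner, type, rdata) tuples. This layout is an assumption made for the example.

def is_referral(reply):
    """Referral: NOERROR, empty answer, no AA flag, NS but no SOA in authority."""
    types = {rtype for _, rtype, _ in reply["authority"]}
    return (reply["rcode"] == "NOERROR" and not reply["answer"]
            and not reply["aa"] and "NS" in types and "SOA" not in types)

def scrub_unsolicited_ns(reply):
    """Return a copy of reply without unsolicited NS RRSets and their addresses."""
    if is_referral(reply):
        return dict(reply)  # here the NS RRSet is the purpose of the reply
    # Positive answers, YXDOMAIN and non-referral nodata: authority NS is unsolicited.
    ns_targets = {rdata.lower() for _, rtype, rdata in reply["authority"]
                  if rtype == "NS"}
    authority = [rr for rr in reply["authority"] if rr[1] != "NS"]
    additional = [rr for rr in reply["additional"]
                  if not (rr[1] in ("A", "AAAA") and rr[0].lower() in ns_targets)]
    return {**reply, "authority": authority, "additional": additional}

# Constructed sample: a positive answer carrying an extra NS RRSet plus glue.
POSITIVE = {
    "rcode": "NOERROR", "aa": True,
    "answer": [("www.example.com.", "A", "192.0.2.10")],
    "authority": [("example.com.", "NS", "ns.injected.example.")],
    "additional": [("ns.injected.example.", "A", "192.0.2.66"),
                   ("mail.example.com.", "A", "192.0.2.25")],
}
# Constructed sample: a nodata reply (SOA present) that also carries an NS RRSet.
NODATA = {
    "rcode": "NOERROR", "aa": True, "answer": [],
    "authority": [("example.com.", "SOA", "ns1.example.com. admin.example.com."),
                  ("example.com.", "NS", "ns.injected.example.")],
    "additional": [("ns.injected.example.", "AAAA", "2001:db8::66")],
}
# Constructed sample: a genuine referral, which must pass through untouched.
REFERRAL = {
    "rcode": "NOERROR", "aa": False, "answer": [],
    "authority": [("example.com.", "NS", "ns1.example.com.")],
    "additional": [("ns1.example.com.", "A", "192.0.2.53")],
}
```
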
CVSS 4.0
- Type: Secondary
- Base score: 5.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
- sep@nlnetlabs.nl: CWE-349
- Hype score: Not currently trending
Just published a deep dive on the new #Fedora 42 security advisory (FEDORA-2025-38b1c0f3b5). It patches CVE-2025-11411 in the Unbound DNS resolver. Read more: 👉 https://t.co/UVS4FKDmuI #Security https://t.co/YZqOgvqpMK
@Cezar_H_Linux
2 Dec 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Alert] Vulnerability information for Unbound has been published (CVE-2025-11411) https://t.co/vCarleEX2o
@JPRS_official
1 Dec 2025
2914 Impressions
7 Retweets
22 Likes
3 Bookmarks
0 Replies
2 Quotes
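I understand the CVE-2025-11411 Unbound vulnerability to be one that is classified as "transfer injection". The countermeasure is apparently to discard the Auth. Sec. and Add. Sec. (In other words, it took nearly 10 years to recognize the danger.)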
@beyondDNS
15 Nov 2025
220 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
Just published: A detailed analysis of the critical #Mageia Linux Unbound vulnerability (CVE-2025-11411). Read more: 👉 https://t.co/bCdEG1B3lF #Security https://t.co/dJJt4ywCUu
@Cezar_H_Linux
13 Nov 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Mail magazine (FROM JPRS)] The latest issue has been posted. Regular issue vol.1219 "About the Unbound vulnerability information (CVE-2025-11411), and 1 other item", etc. https://t.co/FxrIEFY4Jd
@JPRS_official
4 Nov 2025
179 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability information for Unbound has been published (CVE-2025-11411) https://t.co/Zq7Emyryo2 #技術系-資料 #feedly
@likecoffee
28 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Alert] Vulnerability information for Unbound has been published (CVE-2025-11411) https://t.co/NfVQvFZhoM
@JPRS_official
27 Oct 2025
1990 Impressions
9 Retweets
11 Likes
3 Bookmarks
0 Replies
1 Quote
Unbound 1.24.1 released. This security release fixes CVE-2025-11411. https://t.co/Zzf5SvyCh3
@beyondDNS
23 Oct 2025
676 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-11411 NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in t… https://t.co/vCyYd6BAbs
@CVEnew
22 Oct 2025
183 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes