AI description
CVE-2025-13878 is a vulnerability affecting BIND 9, a widely used DNS server software. The flaw allows remote attackers to crash DNS servers by sending specially crafted, malformed DNS records. Specifically, the vulnerability stems from improper handling of malformed BRID (Breadth-first Record ID) and HHIT (Host Hash Information Table) records within BIND 9's `named` daemon. When a vulnerable BIND 9 server processes these malicious records, the `named` daemon terminates unexpectedly, leading to a complete service outage. This denial-of-service (DoS) condition impacts both authoritative nameservers and DNS resolvers. The vulnerability affects various BIND 9 versions, including 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, and 9.21.12 through 9.21.16, as well as corresponding BIND SPE (Preview) versions.
- Description
- Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
- Source
- security-officer@isc.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-officer@isc.org
- CWE-617
- Hype score
- Not currently trending
🚨 CRITICAL: #Fedora 42 bind-dyndb-ldap vulnerability (CVE-2025-13878) allows DNS privilege escalation via LDAP. If you're running BIND with directory service integration: Read more: 👉 https://t.co/NJFpupjXg5 #Security https://t.co/0xz5hAKwzy
@Cezar_H_Linux
7 Feb 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #Fedora 42 BIND DNS security flaw (CVE-2025-13878) patched. DoS via corrupt BRID/HHIT records Read more: 👉 https://t.co/XEaCOiGW9d #Security https://t.co/DyKqxWhrwC
@Cezar_H_Linux
7 Feb 2026
65 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
⚠️ Vulnerabilidad en productos BIND ❗ CVE-2025-13878 ➡️ Más info: https://t.co/wY5pp7W5QA https://t.co/ar1r7DKabY
@CERTpy
3 Feb 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
After analyzing 60% of vulnerabilities from past week, CVE-2025-13878 has 12 articles published from different internet sources, no other cve has these many articles. More information here: https://t.co/SyyDujjO8C #vulnerability #CyberSecurity #ThreatIntel #CVE #SecurityAlert
@stooee_
30 Jan 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Descubre la vulnerabilidad CVE-2025-13878 y cómo afecta la seguridad. Más info aquí: https://t.co/JUB9WtzZIc #Ciberseguridad #Vulnerabilidades
@AlejosAngel
29 Jan 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: CVE-2025-13878 vulnerability in some #BIND9 versions causes "named" to crash. Authoritative servers and resolvers are affected. https://t.co/2gpgdg2Roi #Patch #Patch #Patch!
@CCBalert
26 Jan 2026
195 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13878 (CVSS:7.5, HIGH) is Received. Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 thro..https://t.co/xQNYUQMelB #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
26 Jan 2026
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【メールマガジン(FROM JPRS)】最新号を掲載しました。 通常号 vol.1230「(緊急)BIND 9.xの脆弱性(DNSサービスの停止)について(CVE-2025-13878)」など https://t.co/hN5xKvLz5C
@JPRS_official
26 Jan 2026
205 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
BIND 9の脆弱性対策について(CVE-2025-13878) #IPA (Jan 23) https://t.co/vRqkQ6FGis
@foxbook
25 Jan 2026
223 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
これ、やばそう BIND 9の脆弱性対策について(CVE-2025-13878) | 情報セキュリティ | IPA 独立行政法人 情報処理推進機構 https://t.co/i3x550K3yY
@wisteriatp
24 Jan 2026
110 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[JVNVU#94755059] ISC BINDにサービス運用妨害(DoS)につながる脆弱性(CVE-2025-13878) https://t.co/P00DpDVNjU #jvn #脆弱性 #セキュリティ
@jpsecuritynews
24 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ BIND 9 Vulnerability Allows Remote Attackers to Crash DNS Servers A high-severity vulnerability in BIND 9 allows remote attackers to crash DNS servers by sending specially crafted DNS records, causing the named daemon to terminate unexpectedly. Tracked as CVE-2025-13878
@hackeraffairs
23 Jan 2026
71 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
BIND 9の脆弱性対策について(CVE-2025-13878) https://t.co/hzPda45YJJ
@ICATalerts
23 Jan 2026
4447 Impressions
17 Retweets
22 Likes
4 Bookmarks
0 Replies
2 Quotes
[2026/01/23 12:15 更新] ISC BINDにサービス運用妨害(DoS)につながる脆弱性(CVE-2025-13878) https://t.co/qei0bUFn7a
@jvnjp
23 Jan 2026
1338 Impressions
1 Retweet
1 Like
1 Bookmark
1 Reply
1 Quote
2026. 1.22 JVNVU#94755059 ISC BINDにサービス運用妨害(DoS)につながる脆弱性(CVE-2025-13878) - Japan Vulnerability Notes(JVN) https://t.co/UX1DFTqyp7
@kawn2020
23 Jan 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[JVNVU#94755059] ISC BINDにサービス運用妨害(DoS)につながる脆弱性(CVE-2025-13878) https://t.co/P00DpDVNjU #jvn #脆弱性 #セキュリティ
@jpsecuritynews
23 Jan 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(緊急)BIND 9.xの脆弱性(DNSサービスの停止)について(CVE-2025-13878) - フルリゾルバー(キャッシュDNSサーバー)/権威DNSサーバーの双方が対象、 バージョンアップを強く推奨 - https://t.co/C9uJsru0Jm
@taku888infinity
22 Jan 2026
915 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
BIND 9に深刻な脆弱性が判明し、細工されたDNSレコードを送るだけでサーバーが停止する恐れがある。公開DNSや社内基盤にも影響し、早期更新が求められる。外部から無認証で悪用可能な点が問題視されている
@yousukezan
22 Jan 2026
1240 Impressions
6 Retweets
13 Likes
3 Bookmarks
0 Replies
0 Quotes
パケット一つでDNSが即死する魔法 CVE-2025-13878 https://t.co/I0rxABvOk2 まさに一撃必殺…… https://t.co/LUyBZCgbe6
@tabito_kazeno
22 Jan 2026
155 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 BIND 9 High-Severity DoS Flaw Lets Remote Attackers Crash DNS Servers (CVE-2025-13878) CVE-2025-13878 allows remote attackers to crash BIND 9’s `named` daemon by sending malformed BRID/HHIT records, triggering an unexpected termination and causing full DNS outage (CVSS 7.5
@ThreatSynop
22 Jan 2026
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
広く利用されているDNSサーバーソフトウェア「BIND 9」に、深刻度の高い脆弱性が発見されました。この脆弱性は「CVE-2025-13878」として追跡されています。 記事によると、リモートの攻撃者が特別に細工した不
@omomuki_tech
22 Jan 2026
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
めも (緊急)BIND 9.xの脆弱性(DNSサービスの停止)について(CVE-2025-13878) - フルリゾルバー(キャッシュDNSサーバー)/権威DNSサーバーの双方が対象、バージョンアップを強く推奨 - https://t.co/OeqyZ4fpog http
@kazumaohara
22 Jan 2026
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVNVU#94755059 ISC BINDにサービス運用妨害(DoS)につながる脆弱性(CVE-2025-13878) https://t.co/T6fEpJooQn アップデートで対処できるとのこと。利用されている方は早めのアップデートを。
@Syynya
22 Jan 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
oss-sec: ISC has disclosed one vulnerability in BIND 9 (CVE-2025-13878) https://t.co/EgWtarZ0xc
@teenigma_
22 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVNVU#94755059: ISC BINDにサービス運用妨害(DoS)につながる脆弱性(CVE-2025-13878) https://t.co/c6Ds1ChSdj
@ohhara_shiojiri
22 Jan 2026
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #CVE-2025-13878: The DNS Doomsday Bug Crashing BIND Servers Worldwide + Video https://t.co/TAnS4BavsO Educational Purposes!
@UndercodeUpdate
22 Jan 2026
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
統合版 JPCERT/CC | JVN: ISC BINDにサービス運用妨害(DoS)につながる脆弱性(CVE-2025-13878) https://t.co/jwhpQYgTzp #itsec_jp
@itsec_jp
22 Jan 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13878: BIND 9: Malformed BRID/HHIT records can cause named to terminate unexpectedly https://t.co/MH8rSkgOUs
@oss_security
22 Jan 2026
385 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13878: The One-Packet Kill for BIND DNS Servers. Read the full report on - https://t.co/JB82G2GEwY https://t.co/SZqtzT8wTJ
@cyberbivash
22 Jan 2026
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[2026/01/22 14:00 公表] ISC BINDにサービス運用妨害(DoS)につながる脆弱性(CVE-2025-13878) https://t.co/qei0bUFn7a
@jvnjp
22 Jan 2026
1447 Impressions
3 Retweets
2 Likes
0 Bookmarks
0 Replies
1 Quote
【注意喚起】(緊急)BIND 9.xの脆弱性(DNSサービスの停止)について(CVE-2025-13878) - フルリゾルバー(キャッシュDNSサーバー)/権威DNSサーバーの双方が対象、バージョンアップを強く推奨 - https://t.co/ZgtefErd
@JPRS_official
22 Jan 2026
3481 Impressions
15 Retweets
24 Likes
9 Bookmarks
0 Replies
1 Quote
High-severity BIND 9 flaw CVE-2025-13878 allows remote server crashes via single packet. Update to v9.18.44 or v9.20.18 immediately to prevent DoS. #BIND9 #DNS #CyberSecurity #CVE202513878 #DoS #InfoSec #SysAdmin #NetworkSecurity https://t.co/7Fdo3yrnNH
@the_yellow_fall
22 Jan 2026
416 Impressions
3 Retweets
9 Likes
2 Bookmarks
0 Replies
0 Quotes
【自分用メモ】CVE-2025-13878: Malformed BRID/HHIT records can cause named to terminate unexpectedly https://t.co/5DB8urAFqd
@OrangeMorishita
22 Jan 2026
567 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13878 BIND 9 Denial of Service via Malformed BRID/HHIT Record Processin... https://t.co/aRizmy0Q0r Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
21 Jan 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SIOSセキュリティブログを更新しました。 BIND9の脆弱性(HIGH: CVE-2025-13878)と新バージョン(9.18.44, 9.20.18, 9.21.17) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind https://t.co/okQAga2Z3k
@omokazuki
21 Jan 2026
101 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13878 Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 … https://t.co/swy3kSueDd
@CVEnew
21 Jan 2026
177 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13878の1件だけっすか // New BIND 9 releases: 9.18.44, 9.20.18, 9.21.17 https://t.co/1MXJJ78xko
@w4yh
21 Jan 2026
563 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
BINDに脆弱性 Malformed BRID/HHIT records CVE-2025-13878 リンク先は現時点で404 https://t.co/xGTuTjJJVh
@yo_suematsu
21 Jan 2026
171 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes