AI description
CVE-2025-40776 is a vulnerability affecting BIND 9's caching resolver when it is configured to send ECS (EDNS Client Subnet) options. This vulnerability can potentially expose the resolver to cache-poisoning attacks. The issue affects BIND 9 Subscription Edition versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1. The vulnerability makes resolvers with ECS enabled more susceptible to cache poisoning through spoofed query responses. An attacker could bypass existing cache poisoning attack mitigations. Disabling ECS in BIND or upgrading to patched releases 9.18.38-S1 or 9.20.11-S1 can mitigate this vulnerability.
- Description: A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.
- Source: security-officer@isc.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 8.6
- Impact score: 4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
- Severity: HIGH
- security-officer@isc.org: CWE-349
- Hype score: Not currently trending
🚨CVE-2025-40776: Cache Poisoning Vulnerability and CVE-2025-40777: Crash Vulnerability FOFA Query: app="ISC-BIND-DNS" Results: 15,918 FOFA: https://t.co/i03uGrqevp CVSS: 8.6 and 7.5 More Info: https://t.co/YCinE08Kj0 https://t.co/GKqAJ8nzw5
@DarkWebInformer
29 Jul 2025
3811 Impressions
4 Retweets
27 Likes
11 Bookmarks
1 Reply
0 Quotes
Two dangerous vulnerabilities have recently been published for BIND version 9, with the identifiers CVE-2025-40776 and CVE-2025-40777. The first vulnerability is of the DNS Cache Poisoning type and the second vulnerability is of the DOS type
@AmirHossein_sec
19 Jul 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40776 and CVE-2025-40777 # BIND 9 DNS resolver Cache Poisoning & dos flaw exposed >>>: https://t.co/nzWBQ5e9dl
@Iambivash007
19 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40776 and CVE-2025-40777 # BIND 9 DNS resolver Cache Poisoning & dos flaw exposed >>>: https://t.co/nzWBQ5eH2T
@Iambivash007
19 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-40776 and CVE-2025-40777 ISC Warns of Cache Poisoning and Crash Risks in BIND 🎯16k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/8vbFRsWzQh FOFA Query:app="ISC-BIND-DNS" 🔖Refer:https://t.co/rhRHNZCxgN #OSINT #
@fofabot
18 Jul 2025
704 Impressions
1 Retweet
7 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-40776 Cache Poisoning Vulnerability in BIND 9 Resolver with EDNS Client Subnet https://t.co/7krcxtyu3t Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
17 Jul 2025
60 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40776 A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versio… https://t.co/rN1JPQRTOB
@CVEnew
16 Jul 2025
174 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes