CVE-2025-40776

Published Jul 16, 2025

Last updated 8 months ago

CVSS high 8.6
BIND 9
DNS
Port (53)

Overview

Description
A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.
Source: security-officer@isc.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Severity: HIGH

Weaknesses

CWE-349 (source: security-officer@isc.org)

Social media

Hype score
Not currently trending
  1. 🚨CVE-2025-40776: Cache Poisoning Vulnerability and CVE-2025-40777: Crash Vulnerability FOFA Query: app="ISC-BIND-DNS" Results: 15,918 FOFA: https://t.co/i03uGrqevp CVSS: 8.6 and 7.5 More Info: https://t.co/YCinE08Kj0 https://t.co/GKqAJ8nzw5

    @DarkWebInformer

    29 Jul 2025

  2. Recently, two dangerous vulnerabilities with the identifiers CVE-2025-40776 and CVE-2025-40777 have been published for BIND version 9. The first vulnerability is of the DNS Cache Poisoning type and the second vulnerability of the DOS type

    @AmirHossein_sec

    19 Jul 2025

  3. CVE-2025-40776 and CVE-2025-40777 # BIND 9 DNS resolver Cache Poisoning & dos flaw exposed >>>: https://t.co/nzWBQ5e9dl

    @cyberbivash

    19 Jul 2025

  4. CVE-2025-40776 and CVE-2025-40777 # BIND 9 DNS resolver Cache Poisoning & dos flaw exposed >>>: https://t.co/nzWBQ5eH2T

    @cyberbivash

    19 Jul 2025

  5. ⚠️⚠️ CVE-2025-40776 and CVE-2025-40777 ISC Warns of Cache Poisoning and Crash Risks in BIND 🎯16k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/8vbFRsWzQh FOFA Query:app="ISC-BIND-DNS" 🔖Refer:https://t.co/rhRHNZCxgN #OSINT #

    @fofabot

    18 Jul 2025

  6. CVE-2025-40776 Cache Poisoning Vulnerability in BIND 9 Resolver with EDNS Client Subnet https://t.co/7krcxtyu3t Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    17 Jul 2025

  7. CVE-2025-40776 A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versio… https://t.co/rN1JPQRTOB

    @CVEnew

    16 Jul 2025
