AI description
CVE-2025-59023 is a vulnerability found in PowerDNS Recursor software, specifically affecting versions 5.1.0, 5.2.0, and 5.3.0 (up to and including 5.1.7, 5.2.5, and 5.3.0). The core issue stems from insufficient verification of data authenticity when the Recursor processes DNS delegations and IP fragments. This flaw allows attackers to craft malicious DNS delegations or manipulate IP fragments to poison the cached delegations within the Recursor. Such cache poisoning can result in the Recursor providing incorrect DNS information, which could potentially redirect users or services to domains or IP addresses controlled by an attacker. The vulnerability can be exploited remotely without requiring authentication or user interaction. To mitigate this, users are advised to upgrade to patched versions such as PowerDNS Recursor 5.1.8, 5.2.6, or 5.3.1.
- Description
- Crafted delegations or IP fragments can poison cached delegations in Recursor.
- Source
- security@open-xchange.com
- NVD status
- Analyzed
- Products
- recursor
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
- Severity
- HIGH
- nvd@nist.gov
- CWE-294
- Hype score
- Not currently trending
🚨 HIGH SEVERITY: CVE-2025-59023 (CVSS 8.2) PowerDNS Recursor vulnerable to cache poisoning via crafted delegations/IP fragments. Network-exploitable, no auth required. Patch immediately. #CVE #Vulnerability #PatchNow https://t.co/2yHL4GTMjw
@giuseppe_1337
28 Apr 2026
189 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【自分用メモ】2025年10月に公開されたキャッシュポイズニング脆弱性の論文が出た。まだ読んでいない。 CVE-2025-40778(BIND)、CVE-2025-11411(Unbound)、CVE-2025-59023(PowerDNS Recursor) Should I Trust You? Rethinking the Princip
@OrangeMorishita
16 Feb 2026
1203 Impressions
4 Retweets
9 Likes
9 Bookmarks
1 Reply
3 Quotes
CVE-2025-59023 Crafted delegations or IP fragments can poison cached delegations in Recursor. https://t.co/q2NRa0VxIj
@CVEnew
9 Feb 2026
352 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🟠 CVE-2025-59023 - High Crafted delegations or IP fragments can poison cached delegations in Recursor. https://t.co/ln0CSTuMpP https://t.co/Hbbwcwx9AB
@TheHackerWire
9 Feb 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PowerDNS Security Advisory 2025-06: CVE: CVE-2025-59023 Date: 15th October 2025 内容の説明はほとんどない。 https://t.co/xDDo1fV0fL
@beyondDNS
16 Nov 2025
107 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
PowerDNS Recursorの脆弱性情報が公開されました(CVE-2025-59023、CVE-2025-59024) https://t.co/6ossFNCsSS #%E6%8A%80%E8%A1%93%E7%B3%BB-%E8%B3%87%E6%96%99 #feedly
@likecoffee
28 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【注意喚起】PowerDNS Recursorの脆弱性情報が公開されました(CVE-2025-59023、CVE-2025-59024) https://t.co/u3ky8I8Rrm
@JPRS_official
27 Oct 2025
1169 Impressions
6 Retweets
9 Likes
2 Bookmarks
0 Replies
0 Quotes
PowerDNS Security Advisory 2025-06: Crafted delegations or IP fragments can poison cached delegations in Recursor https://t.co/nZ9jvH0TFT CVE-2025-59023: Cache pollution via spoofing crafted delegations CVE-2025-59024: Cache pollution via UDP IP fragments attack
@oss_security
23 Oct 2025
495 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A6FD19-7754-4B1E-A7CB-C4C0E22301CA",
"versionEndExcluding": "5.1.8",
"versionStartIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD638CF-6817-4E4E-A171-50A3BFDF8E52",
"versionEndExcluding": "5.2.6",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A42E909F-1A37-4BBA-A17C-CC744C12D3C3",
"versionEndExcluding": "5.3.1",
"versionStartIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]