ALPINE-CVE-2025-40778 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2025-40778 PUBLISHED CVSS 8.600000381469727 HIGH

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Risk Scores

CVSS v3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.19	bind	9.16.11-r0, 9.14.0-r0, 9.14.1-r0
Alpine:v3.22	bind	9.14.1-r0, 9.14.1-r1, 9.14.4-r1
Alpine:v3.20	bind	9.10.4, 0, 9.10.0-r0
Alpine:v3.23	bind	9.9.5-r0, 9.18.29-r0, 9.18.3-r1
Alpine:v3.21	bind	9.9.4, 9.9.4, 9.9.4

Timeline

Oct 22, 2025 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2025-40778 advisory

Open in Interactive Console →