CVE-2025-30187 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-30187 PUBLISHED CVSS 3.700000047683716 LOW

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.

EPSS 0.01% · 1.1th percentile

Risk Scores

CVSS v3.1

3.700000047683716

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.01%

1.1th percentile

Affected Products

Vendor	Product	Versions
PowerDNS	DNSdist	1.9.0, 2.0.0

Timeline

Sep 18, 2025 EPSS Score
Sep 18, 2025 CVE Published
Sep 18, 2025 PoC Published
Sep 24, 2025 EPSS Score
Oct 1, 2025 EPSS Score
Oct 2, 2025 PoC Published
Oct 7, 2025 EPSS Score
Oct 14, 2025 EPSS Score
Oct 20, 2025 EPSS Score
Oct 27, 2025 EPSS Score
Nov 2, 2025 EPSS Score
Nov 4, 2025 CVE Updated

References

Open in Interactive Console →