VDB
CVE-2025-40775
CVE-2025-40775
PUBLISHED
BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.
EPSS 0.18% · 39.7th percentile
Risk Scores
EPSS Score
0.18%
39.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux | |
| Internet Systems Consortium | Internet Systems Consortium BIND <9.21.8 | |
| Open Source | Open Source Arch Linux | |
| SUSE | SUSE openSUSE | |
| Internet Systems Consortium | Internet Systems Consortium BIND <9.20.9 | |
| Ubuntu | Ubuntu Linux |
Exploit Intelligence
- Demonstrates a real-world zero-trust bypass by exploiting BIND CVE-2025-40775 to disrupt DNS, break secret rotation, and expose static credentials in a cloud-native lab. (github-poc)
- Demonstrates a real-world zero-trust bypass by exploiting BIND CVE-2025-40775 to disrupt DNS, break secret rotation, and expose static credentials in a cloud-native lab. (github-poc)
- Demonstrates a real-world zero-trust bypass by exploiting BIND CVE-2025-40775 to disrupt DNS, break secret rotation, and expose static credentials in a cloud-native lab. (github-poc)
- Demonstrates a real-world zero-trust bypass by exploiting BIND CVE-2025-40775 to disrupt DNS, break secret rotation, and expose static credentials in a cloud-native lab. (github-poc)
- Demonstrates a real-world zero-trust bypass by exploiting BIND CVE-2025-40775 to disrupt DNS, break secret rotation, and expose static credentials in a cloud-native lab. (github-poc)
- Demonstrates a real-world zero-trust bypass by exploiting BIND CVE-2025-40775 to disrupt DNS, break secret rotation, and expose static credentials in a cloud-native lab. (github-poc)
- Demonstrates a real-world zero-trust bypass by exploiting BIND CVE-2025-40775 to disrupt DNS, break secret rotation, and expose static credentials in a cloud-native lab. (github-poc)
- Demonstrates a real-world zero-trust bypass by exploiting BIND CVE-2025-40775 to disrupt DNS, break secret rotation, and expose static credentials in a cloud-native lab. (github-poc)
- CIRCL seen: CVE-2025-40775 (circl-sighting)
- CIRCL seen: CVE-2025-40775 (circl-sighting)
…and 16 more exploits
Timeline
- May 21, 2025 CVE Published
- May 21, 2025 PoC Published
- May 21, 2025 PoC Published
- May 21, 2025 PoC Published
- May 22, 2025 EPSS Score
- May 22, 2025 PoC Published
- May 22, 2025 PoC Published
- May 22, 2025 PoC Published
- May 22, 2025 PoC Published
- May 22, 2025 PoC Published
- May 23, 2025 PoC Published
- May 23, 2025 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1120.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1120 advisory
- https://kb.isc.org/docs/cve-2025-40775 advisory
- https://security.archlinux.org/ASA-202505-14 advisory
- https://ubuntu.com/security/notices/USN-7526-1 advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2GKU5L3ZUAQID3NG6GATG564CIOI3RAX/ advisory
- https://lists.suse.com/pipermail/sle-security-updates/2025-May/020995.html advisory