VDB
DEBIAN-CVE-2025-40778
DEBIAN-CVE-2025-40778
PUBLISHED
CVSS 8.600000381469727 HIGH
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | bind9 | 0, 0, 9.20.11-4 |
| Debian:13 | bind9 | 0, 1:9.20.11-4, 1:9.20.15-1~deb13u1~bpo12+1 |
| Debian:12 | bind9 | 9.18.12-1, 9.18.13-1, 9.18.16-1 |
| Debian:11 | bind9 | 0, 1:9.16.15-1, 1:9.16.21-1 |
Exploit Intelligence
- Proof of Concept for CVE-2025-40778: BIND 9 DNS Cache Poisoning via unsolicited Additional Section records. (github-poc-repo)
- Forensic triage of DNS cache poisoning in legacy hardware. Includes PCAP analysis of 839-byte unsolicited record injections, CVE-2025-40778 mapping, and remediation via hardened Unbound (DoT) on Arch Linux. (github-poc-repo)
- Forensic triage of DNS cache poisoning in legacy hardware. Includes PCAP analysis of 839-byte unsolicited record injections, CVE-2025-40778 mapping, and remediation via hardened Unbound (DoT) on Arch Linux. (github-poc)
- Proof of Concept for CVE-2025-40778: BIND 9 DNS Cache Poisoning via unsolicited Additional Section records. (github-poc)
- 4628.1.0.yml (github-poc)
- probe_network.go (github-poc)
- test_scrapers.py (github-poc)
Timeline
- Oct 22, 2025 CVE Published
- Apr 28, 2026 CVE Updated