DEBIAN-CVE-2025-40780

DEBIAN-CVE-2025-40780 PUBLISHED CVSS 8.600000381469727 HIGH

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Risk Scores

CVSS 3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:14	bind9	0, 9.20.11-4, 9.20.15-1
Debian:13	bind9	1:9.20.11-4, 1:9.20.15-1~deb13u1~bpo12+1, 0
Debian:12	bind9	9.18.12-1, 9.18.13-1, 9.18.16-1
Debian:11	bind9	0, 1:9.16.21-1+hurd.1, 1:9.16.22-1~deb11u1

Exploit Intelligence

4628.1.0.yml (github-poc)
test_scrapers.py (github-poc)

Timeline

Oct 22, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-40780 advisory

Open in Interactive Console →