Web Methods Consortium (ISC) on Wednesday introduced BIND 9 updates that resolve high-severity vulnerabilities, together with cache poisoning flaws.
The primary challenge is a weak spot within the Pseudo Random Quantity Generator (PRNG) utilized by the favored DNS server software program that, in sure circumstances, might enable an attacker to foretell the supply port and question ID that might be used.
Attackers might abuse the safety defect, tracked as CVE-2025-40780 (CVSS rating of 8.6), in spoofing assaults that, if profitable, might lead to BIND caching attacker responses, ISC explains.
The second bug, tracked as CVE-2025-40778 (CVSS rating of 8.6), exists as a result of, “beneath sure circumstances, BIND is just too lenient when accepting data from solutions.”
This permits attackers to inject cast data into the cache, probably impacting the decision of future queries.
The third vulnerability, CVE-2025-8677 (CVSS rating of seven.5), is described as a denial-of-service (DoS) challenge that may be triggered when “querying for data inside a specifically crafted zone containing sure malformed DNSKEY data”.
An attacker might exploit the bug to overwhelm the server, impacting the efficiency and repair availability by exhausting CPU assets.
In accordance with ISC, all three flaws have an effect on resolvers however are believed to haven’t any impression on authoritative servers. No workaround is out there for any of them, however none seems to have been exploited within the wild.Commercial. Scroll to proceed studying.
The safety defects have been addressed with the discharge of BIND variations 9.18.41, 9.20.15, and 9.21.14, and BIND Supported Preview Version variations 9.18.41-S1 and 9.20.15-S1.
ISC recommends updating to a patched model of BIND as quickly as potential. Organizations counting on discontinued iterations of the DNS server ought to transition to a supported model.
Associated: Oracle Releases October 2025 Patches
Associated: BIND Updates Resolve Excessive-Severity DoS Vulnerabilities
Associated: Essential Vulnerabilities Patched in TP-Hyperlink’s Omada Gateways
Associated: ConnectWise Patches Essential Flaw in Automate RMM Device
