Cyber Web Spider Blog – News

BIND Updates Address High-Severity Cache Poisoning Flaws

Posted on October 23, 2025 By CWS

Internet Systems Consortium (ISC) on Wednesday announced BIND 9 updates that resolve high-severity vulnerabilities, including cache poisoning flaws.

The first issue is a weakness in the Pseudo Random Number Generator (PRNG) used by the popular DNS server software that, in certain circumstances, could allow an attacker to predict the source port and query ID that will be used.

Attackers could abuse the security defect, tracked as CVE-2025-40780 (CVSS score of 8.6), in spoofing attacks that, if successful, could result in BIND caching attacker responses, ISC explains.

The second bug, tracked as CVE-2025-40778 (CVSS score of 8.6), exists because, “under certain circumstances, BIND is too lenient when accepting records from answers.”

This allows attackers to inject forged records into the cache, potentially impacting the resolution of future queries.

The third vulnerability, CVE-2025-8677 (CVSS score of 7.5), is described as a denial-of-service (DoS) issue that can be triggered when “querying for records within a specially crafted zone containing certain malformed DNSKEY records”.

An attacker could exploit the bug to overwhelm the server, impacting performance and service availability by exhausting CPU resources.

According to ISC, all three flaws affect resolvers but are believed to have no impact on authoritative servers. No workaround is available for any of them, but none appears to have been exploited in the wild.

The security defects have been addressed with the release of BIND versions 9.18.41, 9.20.15, and 9.21.14, and BIND Supported Preview Edition versions 9.18.41-S1 and 9.20.15-S1.

ISC recommends updating to a patched version of BIND as soon as possible. Organizations relying on discontinued iterations of the DNS server should transition to a supported version.
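
A patch-level triage built from the fixed releases listed above, as an added example that is not from ISC or the original article. The host names, roles and version strings in the sample inventory are constructed, and the status labels are this example's own.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
# The Supported Preview Edition fixes (9.18.41-S1, 9.20.15-S1) carry the
# same patch numbers, so the -S suffix does not change the comparison.
FIXED_PATCH = {(9, 18): 41, (9, 20): 15, (9, 21): 14}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def classify(version_text):
    """Classify a BIND version string against the fixed releases above."""
    match = VERSION_RE.search(version_text)
    if match is None:
        return "unparsed"
    major, minor, patch = (int(match.group(i)) for i in (1, 2, 3))
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # The article names no fix for this branch; check whether it is
        # still supported and move to a supported release if not.
        return "unlisted-branch"
    return "patched" if patch >= fixed else "needs-update"


def triage(inventory):
    """Return (host, role, status) for every host that is not patched,
    resolvers first because the article says the flaws affect resolvers."""
    open_items = [
        (host, role, classify(version))
        for host, role, version in inventory
        if classify(version) != "patched"
    ]
    return sorted(open_items, key=lambda item: (item[1] != "resolver", item[0]))


# Constructed inventory: hostnames, roles and version strings are made up.
# Distribution packages may backport fixes without changing the upstream
# version number, so confirm "needs-update" hits against the vendor advisory.
SAMPLE_INVENTORY = [
    ("ns-auth-1", "authoritative", "BIND 9.18.39"),
    ("rdns-a", "resolver", "BIND 9.20.15"),
    ("rdns-b", "resolver", "BIND 9.18.39-S1"),
    ("rdns-c", "resolver", "BIND 9.16.50"),
    ("rdns-d", "resolver", "BIND 9.21.13"),
]

if __name__ == "__main__":
    for host, role, status in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {role:14} {status}")
```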
