BIND Updates Address High-Severity Cache Poisoning Flaws

Posted on By CWS

Web Methods Consortium (ISC) on Wednesday introduced BIND 9 updates that resolve high-severity vulnerabilities, together with cache poisoning flaws.

The primary challenge is a weak spot within the Pseudo Random Quantity Generator (PRNG) utilized by the favored DNS server software program that, in sure circumstances, might enable an attacker to foretell the supply port and question ID that might be used.

Attackers might abuse the safety defect, tracked as CVE-2025-40780 (CVSS rating of 8.6), in spoofing assaults that, if profitable, might lead to BIND caching attacker responses, ISC explains.

The second bug, tracked as CVE-2025-40778 (CVSS rating of 8.6), exists as a result of, “beneath sure circumstances, BIND is just too lenient when accepting data from solutions.”

This permits attackers to inject cast data into the cache, probably impacting the decision of future queries.

The third vulnerability, CVE-2025-8677 (CVSS rating of seven.5), is described as a denial-of-service (DoS) challenge that may be triggered when “querying for data inside a specifically crafted zone containing sure malformed DNSKEY data”.

An attacker might exploit the bug to overwhelm the server, impacting the efficiency and repair availability by exhausting CPU assets.

In accordance with ISC, all three flaws have an effect on resolvers however are believed to haven’t any impression on authoritative servers. No workaround is out there for any of them, however none seems to have been exploited within the wild.Commercial. Scroll to proceed studying.

The safety defects have been addressed with the discharge of BIND variations 9.18.41, 9.20.15, and 9.21.14, and BIND Supported Preview Version variations 9.18.41-S1 and 9.20.15-S1.

ISC recommends updating to a patched model of BIND as quickly as potential. Organizations counting on discontinued iterations of the DNS server ought to transition to a supported model.

Associated: Oracle Releases October 2025 Patches

Associated: BIND Updates Resolve Excessive-Severity DoS Vulnerabilities

Associated: Essential Vulnerabilities Patched in TP-Hyperlink’s Omada Gateways

Associated: ConnectWise Patches Essential Flaw in Automate RMM Device

Security Week News Tags:, , , , , ,

Related Posts

Google Gemini Tricked Into Showing Phishing Message Hidden in Email  Security Week News
Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities Security Week News
In Other News: Volkswagen App Hacked, DR32 Sentenced, New OT Security Solution Security Week News
Tiffany Data Breach Impacts Thousands of Customers Security Week News
Two New Web Application Risk Categories Added to OWASP Top 10 Security Week News
Critical Dolby Vulnerability Patched in Android Security Week News