CVE-2025-40776
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-16

Last updated on: 2025-07-16

Assigner: Internet Systems Consortium (ISC)

Description
A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-16
Last Modified
2025-07-16
Generated
2026-05-07
AI Q&A
2025-07-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40776
EUVD
EUVD-2025-21705
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
isc bind 9.18.37-s1
isc bind 9.11.3-s1
isc bind 9.16.50-s1
isc bind 9.18.38-s1
isc bind 9.18.11-s1
isc bind 9.20.9-s1
isc bind 9.20.11-s1
isc bind 9.20.10-s1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-349 The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves a 'named' caching resolver configured to send ECS (EDNS Client Subnet) options, which may be susceptible to a cache-poisoning attack. This means that an attacker could manipulate the DNS cache by exploiting the way ECS options are handled, potentially causing the resolver to return incorrect DNS responses.


How can this vulnerability impact me? :

The vulnerability can impact you by allowing an attacker to poison the DNS cache of the resolver, leading to incorrect or malicious DNS responses. This can result in users being redirected to fraudulent or malicious websites, potentially compromising security and trust.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart