CVE-2025-8677
Unknown
Unknown - Not Provided
BaseFortify
Vulnerability report for CVE-2025-8677, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2025-10-22
Last updated on: 2025-11-04
Assigner: Internet Systems Consortium (ISC)
Description
Description
Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.
This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| isc | bind | 9.20.2 |
| isc | bind | 9.18.24 |
| isc | bind | 9.18.30 |
| isc | bind | 9.21.4 |
| isc | bind | 9.20.10 |
| isc | bind | 9.18.32 |
| isc | bind | 9.21.2 |
| isc | bind | 9.18.5 |
| isc | bind | 9.18.25 |
| isc | bind | 9.21.3 |
| isc | bind | 9.21.10 |
| isc | bind | 9.18.4 |
| isc | bind | 9.21.12 |
| isc | bind | 9.21.0 |
| isc | bind | 9.20.0 |
| isc | bind | 9.21.14 |
| isc | bind | 9.18.26 |
| isc | bind | 9.18.16 |
| isc | bind | 9.21.5 |
| isc | bind | 9.18.23 |
| isc | bind | 9.20.8 |
| isc | bind | 9.18.41 |
| isc | bind | 9.18.20 |
| isc | bind | 9.18.35 |
| isc | bind | 9.18.38 |
| isc | bind | 9.18.10 |
| isc | bind | 9.20.9 |
| isc | bind | 9.18.0 |
| isc | bind | 9.18.22 |
| isc | bind | 9.21.11 |
| isc | bind | 9.20.7 |
| isc | bind | 9.18.14 |
| isc | bind | 9.18.19 |
| isc | bind | 9.18.18 |
| isc | bind | 9.21.7 |
| isc | bind | 9.18.13 |
| isc | bind | 9.21.1 |
| isc | bind | 9.20.11 |
| isc | bind | 9.20.13 |
| isc | bind | 9.18.12 |
| isc | bind | 9.18.8 |
| isc | bind | 9.18.9 |
| isc | bind | 9.20.5 |
| isc | bind | 9.18.15 |
| isc | bind | 9.18.29 |
| isc | bind | 9.18.2 |
| isc | bind | 9.18.3 |
| isc | bind | 9.20.1 |
| isc | bind | 9.18.7 |
| isc | bind | 9.18.34 |
| isc | bind | 9.20.15 |
| isc | bind | 9.18.28 |
| isc | bind | 9.18.31 |
| isc | bind | 9.18.21 |
| isc | bind | 9.18.39 |
| isc | bind | 9.21.8 |
| isc | bind | 9.18.1 |
| isc | bind | 9.18.11 |
| isc | bind | 9.18.33 |
| isc | bind | 9.21.9 |
| isc | bind | 9.18.17 |
| isc | bind | 9.20.4 |
| isc | bind | 9.20.12 |
| isc | bind | 9.18.37 |
| isc | bind | 9.20.6 |
| isc | bind | 9.18.27 |
| isc | bind | 9.20.3 |
| isc | bind | 9.18.36 |
| isc | bind | 9.21.6 |
| isc | bind | 9.18.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-405 | The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric." |