CVE-2025-13878
Malformed BRID/HHIT Records Cause BIND Named Crash (DoS)
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: Internet Systems Consortium (ISC)
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| isc | bind | From 9.18.40 (inc) to 9.18.43 (inc) |
| isc | bind | From 9.20.13 (inc) to 9.20.17 (inc) |
| isc | bind | From 9.21.12 (inc) to 9.21.16 (inc) |
| isc | bind | From 9.18.40-S1 (inc) to 9.18.43-S1 (inc) |
| isc | bind | From 9.20.13-S1 (inc) to 9.20.17-S1 (inc) |
| isc | bind | 9.18.44 |
| isc | bind | 9.20.18 |
| isc | bind | 9.21.17 |
| isc | bind | 9.18.44-S1 |
| isc | bind | 9.20.18-S1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-13878 is a vulnerability in BIND 9 DNS software where malformed BRID/HHIT DNS records cause the named daemon to terminate unexpectedly. This leads to a denial of service by crashing the DNS server or resolver. The issue affects multiple versions of BIND 9 and can be exploited remotely without authentication or user interaction. [4]
How can this vulnerability impact me?
This vulnerability can cause your DNS server or resolver running affected BIND 9 versions to crash unexpectedly, resulting in denial of service. This impacts the availability of DNS services, potentially disrupting network operations and access to resources dependent on DNS resolution. [4]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade BIND 9 to one of the patched releases: 9.18.44, 9.20.18, 9.21.17, or the corresponding Supported Preview Editions 9.18.44-S1 and 9.20.18-S1. No workarounds are currently known, so upgrading to a fixed version is the recommended immediate step. [4, 3, 2, 1]
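A version check built from the affected ranges and fixed releases listed on this page, for triaging an inventory of `named` version strings. This is an added example, not code from ISC or from this page; the function name, the status labels and the sample inputs are assumptions made for illustration.

```python
import re

# Inclusive affected ranges, copied from the "Affected Vendors & Products" table.
AFFECTED = [
    ((9, 18, 40), (9, 18, 43)),
    ((9, 20, 13), (9, 20, 17)),
    ((9, 21, 12), (9, 21, 16)),
]
# Patched release per branch, as named in the mitigation answer.
FIXED = {(9, 18): (9, 18, 44), (9, 20): (9, 20, 18), (9, 21): (9, 21, 17)}
# The page lists Supported Preview Edition (-S1) builds only for these branches.
PREVIEW_BRANCHES = {(9, 18), (9, 20)}

# Matches "9.18.43" or "9.18.43-S1" anywhere in a string such as a version banner.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def classify(version_text):
    """Return (status, upgrade_target) for a BIND version string.

    status is one of the constructed labels:
      "affected"   - inside a range listed on the page
      "fixed"      - at or above the patched release of a listed branch
                     (assumes later releases in a branch keep the fix)
      "not-listed" - a version the page does not mention
      "unknown"    - no version number found in the input
    """
    m = VERSION_RE.search(version_text)
    if not m:
        return ("unknown", None)
    ver = tuple(int(x) for x in m.group(1, 2, 3))
    preview = m.group(4) is not None
    branch = ver[:2]
    if preview and branch not in PREVIEW_BRANCHES:
        return ("not-listed", None)
    for lo, hi in AFFECTED:
        if lo <= ver <= hi:
            target = ".".join(str(n) for n in FIXED[branch])
            return ("affected", target + ("-S1" if preview else ""))
    if branch in FIXED and ver >= FIXED[branch]:
        return ("fixed", None)
    return ("not-listed", None)


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real server.
    for sample in ["BIND 9.18.43 (Extended Support Version)", "9.20.17-S1", "9.21.17"]:
        print(sample, "->", classify(sample))
```

Distribution packages can carry backported fixes without changing the upstream version number, so an "affected" result from a packaged build should be confirmed against the distributor's advisory.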