Domain Hijacking Vulnerability in NLnet Labs Unbound DNS Resolver
CVE-2025-11411
What is CVE-2025-11411?
CVE-2025-11411 is a vulnerability in the NLnet Labs Unbound DNS resolver, open-source software used for DNS resolution that enhances network security and performance. The flaw allows potential domain hijacking attacks in which malicious actors exploit the resolver's behavior when handling certain types of DNS responses. It arises from the handling of promiscuous NS RRSets that accompany positive DNS replies in the authority section. By injecting malicious NS RRSets into DNS responses, an attacker could manipulate the resolver's knowledge of a zone's name servers. This could lead to unauthorized updates of the DNS delegation information, compromising the integrity of DNS resolution and potentially rerouting legitimate traffic to malicious sites. If the flaw is exploited, organizations could face significant disruptions, loss of data integrity, and reputational damage, impacting their overall operations.
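A detection-side illustration of the condition described above, added here as an example and not code from NLnet Labs or from this page: it parses a DNS response and reports NS records in the authority section of a positive reply that are absent from a known-good delegation. The sample packet, the `EXPECTED` map and all function names are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:                        # compression pointer
            end, hops = end or off + 2, hops + 1
            off = ((n & 0x3F) << 8) | msg[off + 1]
            if hops > 32:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "backslashreplace"))
            off += 1 + n
    return ".".join(labels).lower() + ".", end or off + 1

def authority_ns(msg):
    """Return (positive, [(owner, target)]) for NS RRs in the authority section."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off, found = 12, []
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4            # skip QNAME, QTYPE, QCLASS
    for i in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if i >= an and rtype == 2:                  # type 2 = NS, after the answers
            found.append((owner, read_name(msg, off)[0]))
        off += rdlen
    return (flags & 0xF) == 0 and an > 0, found     # positive: NOERROR with answers

def unexpected_ns(msg, expected):
    """NS records on a positive reply that are not in the known delegation."""
    positive, found = authority_ns(msg)
    return [(o, t) for o, t in found if positive and t not in expected.get(o, ())]

def wire_name(s):                                   # uncompressed wire encoding
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\0"

def rr(owner, rtype, rdata):                        # class IN, TTL 300
    return owner + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata

# Constructed sample: NOERROR answer for www.example.test with two NS records
SAMPLE = (struct.pack("!6H", 0x1234, 0x8400, 1, 1, 2, 0)
          + wire_name("www.example.test") + struct.pack("!HH", 1, 1)
          + rr(b"\xc0\x0c", 1, bytes([192, 0, 2, 10]))
          + rr(wire_name("example.test"), 2, wire_name("ns1.example.test"))
          + rr(wire_name("example.test"), 2, wire_name("ns.other.test")))
EXPECTED = {"example.test.": {"ns1.example.test."}}   # assumed known-good delegation
print(unexpected_ns(SAMPLE, EXPECTED))
```

A hit is a lead for review rather than proof of tampering, since zone operators legitimately change their name servers.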
Potential impact of CVE-2025-11411
- Domain Hijacking: The vulnerability enables attackers to hijack legitimate domains, potentially redirecting users to malicious websites. This could lead to phishing attacks, data theft, and exploitation of user credentials.
- Compromise of Network Integrity: By tampering with DNS records, attackers can undermine the reliability of network services. This manipulation can disrupt normal operations and lead to service outages, impacting business continuity.
- Increased Risk of Malware Distribution: The exploit allows for the redirection of traffic to sites hosting malware, thereby increasing the risk of malware infections across corporate networks. This can lead to data breaches, operational disruptions, and financial losses.

Affected Version(s)
Unbound: from 0 up to and including 1.24.1
