DNSSEC Validation Flaw in Hickory DNS Affects Users with Trust Anchors
CVE-2025-25188

5.7MEDIUM

Key Information:

Vendor

Hickory-dns

Status
Hickory-dns
Vendor
CVE Published:
10 February 2025

What is CVE-2025-25188?

A vulnerability in Hickory DNS, affecting versions prior to 0.24.3 and 0.25.0-alpha.5, compromises DNSSEC verification, allowing unauthorized trust in DNSKEY records. The issue arises when trust is established from just one DNSKEY in a zone, leading to potential trust in all keys within that zone. Additionally, a related issue involves DS records that can incorrectly authenticate signatures made by unrelated DNSKEYs. Users relying on DNSSEC in their deployments should upgrade to the latest versions to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

hickory-dns >= 0.8.0, < 0.24.3 < 0.8.0, 0.24.3

hickory-dns >= 0.25.0-alpha.1, < 0.25.0-alpha.5 < 0.25.0-alpha.1, 0.25.0-alpha.5

References

https://github.com/hickory-dns/hickory-dns/security/advis...
x_refsource_CONFIRM
https://github.com/hickory-dns/hickory-dns/commit/e118c6e...
x_refsource_MISC

CVSS V4

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.