Spoofing Vulnerability in PowerDNS Recursor by PowerDNS
CVE-2025-30192

7.5HIGH

Key Information:

Vendor

Powerdns

Status
Recursor
Vendor
CVE Published:
21 July 2025

What is CVE-2025-30192?

A vulnerability exists in PowerDNS Recursor that allows attackers to exploit ECS enabled requests, resulting in greater success rates for spoofing attempts compared to non-ECS enabled queries. The recent update implements multiple mitigations to counteract these spoofing attempts. These include enhanced validation of responses and the introduction of a configuration setting, outgoing.edns_subnet_harden, which strengthens the security of outgoing ECS queries, making it significantly harder for malicious actors to succeed.

Affected Version(s)

Recursor 5.0.12

Recursor 5.0.12

Recursor 5.1.6

References

https://docs.powerdns.com/recursor/security-advisories/po...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Xiang Li of AOSP Lab Nankai University
.
CVE-2025-30192 : Spoofing Vulnerability in PowerDNS Recursor by PowerDNS