Denial of Service Vulnerability in DNSdist from PowerDNS
CVE-2025-30193

7.5HIGH

Key Information:

Vendor: Powerdns
Status: Dnsdist
Vendor: CVE Published:; 20 May 2025

What is CVE-2025-30193?

A vulnerability within DNSdist allows an attacker to trigger a denial of service condition by exploiting an unlimited query configuration over a single TCP connection, potentially leading to a stack exhaustion and crash of the service. It is crucial for users to upgrade to version 1.9.10 or apply appropriate configuration settings to limit the maximum number of queries, thus ensuring service stability and security.

Affected Version(s)

DNSdist 1.9.10

References

https://dnsdist.org/security-advisories/powerdns-advisory...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2025
Vulnerability Reserved
Mar 18, 2025

Credit

Renaud Allard

JSON

Powerdns

What is CVE-2025-30193?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit