Security Flaw in BIND 9 by ISC Affects DNS Protocol Handling
CVE-2025-40775
What is CVE-2025-40775?
CVE-2025-40775 is a denial-of-service vulnerability in BIND 9, the DNS server software developed by the Internet Systems Consortium (ISC). BIND is widely deployed as both an authoritative and a recursive name server, translating domain names into IP addresses for the clients behind it. The flaw lies in how the named daemon handles incoming DNS messages that carry a Transaction Signature (TSIG) record: named checks every TSIG it receives, and if the algorithm field of that TSIG holds an invalid (unregistered or unsupported) algorithm name, named terminates with an assertion failure instead of rejecting the message with a TSIG error. No valid key or signature is needed to reach the failing check, so a single unauthenticated message from any client able to reach the server is enough to crash it. Affected versions are BIND 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7; ISC fixed the issue in 9.20.9 and 9.21.8. Organizations running an affected version are exposed to remotely triggered service outages.
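The following is an added example, not code from this page or from ISC, showing what the advisory's trigger condition looks like on the wire: a minimal DNS wire-format walker that finds the TSIG RR in the additional section and reports its algorithm name, flagging any name that is not an IANA-registered TSIG algorithm. It is written for detection (for example over UDP payloads pulled from a capture), not for sending traffic; the MAC is reported by length only and never verified. The sample messages it builds are constructed input with a placeholder MAC, and the key name "key.example" and the bogus algorithm "invalid-alg.example" are assumptions made up for the demonstration.

```python
import struct

# IANA-registered TSIG algorithm names (RFC 8945, section 6). Anything else in the
# TSIG algorithm field is the "invalid algorithm value" this advisory describes.
KNOWN_TSIG_ALGORITHMS = {
    "hmac-md5.sig-alg.reg.int", "gss-tsig",
    "hmac-sha1", "hmac-sha224", "hmac-sha256", "hmac-sha256-128",
    "hmac-sha384", "hmac-sha384-192", "hmac-sha512", "hmac-sha512-256",
}
TYPE_TSIG = 250      # RR type code for TSIG
CLASS_ANY = 255      # TSIG records are always class ANY with TTL 0


def encode_name(name):
    """Encode a dotted name as an uncompressed wire-format domain name."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def read_name(msg, off):
    """Decode a (possibly compressed) name at msg[off:]; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2                          # caller resumes after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower(), (end if end is not None else off)


def inspect_tsig(msg):
    """Describe the TSIG RR of a DNS message, or return None if there is none.
    'registered' is False for an algorithm name outside the IANA registry, which is
    the condition CVE-2025-40775 describes. Signatures are not verified here."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):                                # skip the question section
        _, off = read_name(msg, off)
        off += 4                                       # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype != TYPE_TSIG:
            off += rdlen
            continue
        # TSIG RDATA: algorithm name, 48-bit time signed, fudge, MAC size, MAC,
        # original message ID, error, other-data length, other data.
        alg, p = read_name(msg, off)
        time_hi, time_lo, fudge, mac_size = struct.unpack("!HIHH", msg[p:p + 10])
        p += 10 + mac_size
        original_id, error, other_len = struct.unpack("!HHH", msg[p:p + 6])
        return {
            "key_name": owner,
            "algorithm": alg,
            "registered": alg in KNOWN_TSIG_ALGORITHMS,
            "class_ttl_ok": rclass == CLASS_ANY and ttl == 0,
            "time_signed": (time_hi << 32) | time_lo,
            "fudge": fudge,
            "mac_len": mac_size,
            "original_id": original_id,
            "error": error,
            "other_len": other_len,
        }
    return None


def build_tsig_query(qname, key_name, algorithm, msg_id=0x1234, mac=b"\x00" * 32):
    """Constructed sample input: a minimal A query with a TSIG RR appended. The MAC is
    a placeholder, not a real HMAC, so this is test data for inspect_tsig() only."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)       # A, IN
    rdata = (encode_name(algorithm)
             + struct.pack("!HIHH", 0, 1747000000, 300, len(mac))  # time, fudge, MAC size
             + mac
             + struct.pack("!HHH", msg_id, 0, 0))                   # orig ID, error, other len
    tsig = (encode_name(key_name)
            + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata))
            + rdata)
    return header + question + tsig


if __name__ == "__main__":
    for alg in ("hmac-sha256", "invalid-alg.example"):
        info = inspect_tsig(build_tsig_query("example.com", "key.example", alg))
        print(alg, "registered" if info["registered"] else "NOT registered (flag this)")
```

When running this over captured traffic, strip the two-byte length prefix from TCP payloads first. A stricter check than "registered" is to compare the algorithm against the algorithms actually configured in the server's key statements, since a registered but unsupported algorithm is equally outside what the server expects.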
Potential Impact of CVE-2025-40775
- Operational disruption: the assertion failure terminates the named process, so the server stops answering queries until it is restarted or respawned by a supervisor. Everything that depends on the affected instance for authoritative or recursive DNS loses resolution, and an attacker can repeat the trigger to keep it down.
- No authentication required: the malformed TSIG does not have to be signed with a key the server knows; the crash happens when the algorithm field is examined, so any client that can deliver a DNS message to the server can trigger it with a single packet.
- Impact is limited to availability: the advisory describes a crash, not memory corruption, code execution or data disclosure, and nothing on this page indicates that the flaw lets an attacker forge answers or gain access to the host. The practical risk is that taking a resolver or authoritative server offline takes its dependent services with it.
Affected Version(s)
BIND 9 9.20.0 through 9.20.8 (inclusive; fixed in 9.20.9)
BIND 9 9.21.0 through 9.21.7 (inclusive; fixed in 9.21.8)
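To turn the version ranges above into a check that can run against `named -v` output or a package version string, here is an added example (not ISC's code, and not part of the original page). The fixed releases 9.20.9 and 9.21.8 are ISC's fix versions for this CVE; the sample version strings in the usage are constructed.

```python
import re

# Affected ranges listed on this page, inclusive on both ends.
AFFECTED_RANGES = (
    ((9, 20, 0), (9, 20, 8)),
    ((9, 21, 0), (9, 21, 7)),
)
# First fixed release on each affected branch.
FIXED = {(9, 20): (9, 20, 9), (9, 21): (9, 21, 8)}


def parse_bind_version(text):
    """Extract the major.minor.patch triple from a BIND version string.

    Accepts `named -v` output such as 'BIND 9.20.8 (Stable Release) <id:1234abc>'
    and packaged forms such as '9.20.8-1ubuntu1'; anything after the triple is ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError("no version triple in %r" % text)
    return tuple(int(x) for x in m.groups())


def assess(text):
    """Return (affected, advice) for a BIND version string."""
    v = parse_bind_version(text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v <= hi:
            fixed = FIXED[v[:2]]
            return True, "affected; upgrade to %d.%d.%d or later" % fixed
    return False, "not in an affected range"


if __name__ == "__main__":
    # Constructed sample banners, not output from a real server.
    for banner in ("BIND 9.20.8 (Stable Release) <id:1234abc>", "9.21.7-1", "BIND 9.20.9"):
        print(banner, "->", assess(banner)[1])
```

Two caveats: a distribution package can backport the fix while keeping the upstream version number, so confirm with the package changelog before treating a "9.20.8" build as vulnerable; and `named -v` reports the installed binary, so check that the running process is the same build.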
News Articles
[Security News] Critical vulnerability in "BIND 9" - DoS attack possible with a single packet (page 1 of 2): Security NEXT
A denial-of-service vulnerability in "BIND 9" has been disclosed. Because a remote DoS attack is possible, the relevant organizations are urging users to update. : Security NEXT
Timeline
- 📰 First article discovered by Security NEXT
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability reserved