Cache-Poisoning Vulnerability in BIND 9 by ISC
CVE-2025-40776

8.6HIGH

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 16 July 2025

Badges

👾 Exploit Exists

What is CVE-2025-40776?

A vulnerability has been identified in BIND 9, where a caching resolver configured to utilize EDNS Client Subnet options is susceptible to cache-poisoning attacks. This can lead to the manipulation of DNS cache entries, allowing attackers to respond to queries with malicious data. Users of affected BIND 9 versions should assess their configurations and apply the necessary updates to mitigate potential risks.

Affected Version(s)

BIND 9 9.11.3-S1 <= 9.16.50-S1

BIND 9 9.18.11-S1 <= 9.18.37-S1

BIND 9 9.20.9-S1 <= 9.20.10-S1

References

https://kb.isc.org/docs/cve-2025-40776

vendor-advisory

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jul 16, 2025
Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

ISC would like to thank Xiang Li from AOSP Lab of Nankai University for bringing this vulnerability to our attention.

Isc

Badges

What is CVE-2025-40776?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit