Data Injection Vulnerability in BIND Software by ISC
CVE-2025-40778

8.6 HIGH

Key Information:

Vendor

ISC

Status
Vendor
CVE Published:
22 October 2025

Badges

Trended | Score: 2,020 | Ransomware | Exploit Exists | Public PoC | News Worthy

What is CVE-2025-40778?

CVE-2025-40778 is a significant data injection vulnerability found in the BIND software developed by the Internet Systems Consortium (ISC). BIND (Berkeley Internet Name Domain) is a widely used Domain Name System (DNS) server software that plays a crucial role in translating domain names into IP addresses, which is essential for internet functionality. This vulnerability arises from BIND's excessive leniency in validating certain response records, allowing an attacker to inject malicious data into the DNS cache. If successfully exploited, this flaw could lead to erroneous behavior in DNS responses, potentially redirecting users to malicious sites or compromising data integrity, thereby exposing organizations to extensive risks, including data breaches and operational disruptions.

Potential Impact of CVE-2025-40778

  1. Data Integrity Compromise: Exploitation of this vulnerability may enable attackers to inject forged DNS responses, leading to possible rerouting of users to malicious sites. This can ultimately compromise the integrity of data, causing severe reputational damage and loss of customer trust.

  2. Operational Disruption: Organizations relying on BIND for their DNS services might experience disruptions in service due to the manipulation of DNS queries or responses, which can result in downtime and loss of business continuity.

  3. Increased Risk of Malware Attacks: The ability to inject malicious data into the DNS cache opens up avenues for further attacks, including the distribution of ransomware and other payloads. This can lead to additional security incidents and financial losses as organizations grapple with the aftermath of such compromises.

Affected Version(s)

BIND 9 9.11.0 <= 9.16.50

BIND 9 9.18.0 <= 9.18.39

BIND 9 9.20.0 <= 9.20.13

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

News Articles

Week in review: WSUS vulnerability exploited to drop Skuld infostealer, PoC for BIND 9 DNS flaw published - Help Net Security

Here's an overview of some of last week's most interesting news, articles, interviews and videos: Can your earbuds recognize you? Researchers are working

Public Exploit Code Released for Critical BIND 9 DNS Vulnerability | eSecurity Planet

A public exploit for a critical BIND 9 flaw renews DNS cache-poisoning risk, enabling forged records and traffic redirection.

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

Threat actors refine tactics with DNS attacks, new RATs, and Rust-based malware. Stay ahead with this week's top ThreatsDay intelligence brief.

References

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Public PoC available

  • Used in Ransomware

  • Vulnerability started trending

  • Exploit known to exist

  • First article discovered by Ars Technica

  • Vulnerability published

  • Vulnerability Reserved

Credit

ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan from Tsinghua University for bringing this vulnerability to our attention.