BIND 9 Vulnerability in Pseudo Random Number Generator by ISC
CVE-2025-40780

8.6 HIGH

Key Information:

Vendor

ISC

Status
Vendor
CVE Published:
22 October 2025

Badges

📈 Score: 235 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-40780?

CVE-2025-40780 is a significant vulnerability in BIND 9, a widely used Domain Name System (DNS) server developed by the Internet Systems Consortium (ISC). It arises from a flaw in the Pseudo Random Number Generator (PRNG) used by BIND, which can enable an attacker to predict the source port and query ID that the DNS server will use. That prediction capability can facilitate attacks such as DNS spoofing or cache poisoning, allowing adversaries to redirect legitimate traffic to malicious destinations or disrupt DNS services entirely. BIND is critical to the functionality and security of numerous internet services, so exploitation of this vulnerability has the potential to severely impact organizational operations and information integrity.

Potential Impact of CVE-2025-40780

  1. DNS Spoofing and Cache Poisoning: The vulnerability allows attackers to predict DNS query identifiers, which can lead to the injection of false DNS responses. This manipulation can redirect users to fraudulent sites or intercept sensitive information.

  2. Compromise of Network Security: Exploiting this weakness can enable adversaries to undermine the trust and integrity of a network's DNS infrastructure, potentially allowing for larger cyber attacks such as man-in-the-middle attacks or the spread of malware.

  3. Service Disruption: Should the vulnerability be exploited, attackers could disrupt DNS services, leading to downtime for critical applications and services that rely on DNS for operation, potentially resulting in financial losses and damage to reputation.

Affected Version(s)

BIND 9: 9.16.0 through 9.16.50 (inclusive)

BIND 9: 9.18.0 through 9.18.39 (inclusive)

BIND 9: 9.20.0 through 9.20.13 (inclusive)
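
For inventory triage, the following added example (not part of the original advisory or ISC tooling) classifies `named -v` style banners against the three ranges listed above. The status labels and sample banners are constructed for illustration; a packaged build with a version suffix is flagged separately because a distributor may have backported a fix without changing the upstream version number.

```python
import re

# Affected ranges exactly as listed on this page (inclusive bounds).
AFFECTED_RANGES = [
    ((9, 16, 0), (9, 16, 50)),
    ((9, 18, 0), (9, 18, 39)),
    ((9, 20, 0), (9, 20, 13)),
]

# major.minor.patch, optionally followed by a packaging suffix such as "-RH".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-\S+)?")


def parse_banner(banner):
    """Return ((major, minor, patch), suffix) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups()[:3]), m.group(4)


def triage(banner):
    """Classify one banner against the ranges listed on this page."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unparsed"
    version, suffix = parsed
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            # Suffix present: confirm against the packager's own advisory.
            return "affected-verify-backport" if suffix else "affected"
    if any(version[:2] == low[:2] for low, _ in AFFECTED_RANGES):
        return "above-listed-range"   # same branch, newer than the listed bound
    return "not-listed"               # branch not covered by this page


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "BIND 9.20.13 (Stable Release) <id:constructed>",
        "BIND 9.18.39-0ubuntu0.22.04.2-Ubuntu (Extended Support Version)",
        "BIND 9.18.41 (Extended Support Version) <id:constructed>",
        "BIND 9.11.36 (Extended Support Version)",
        "named: command not found",
    ]
    for s in samples:
        print(f"{triage(s):26} {s}")
```

"not-listed" and "above-listed-range" only mean the version falls outside the ranges on this page; they are not a statement that the build is fixed.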

News Articles

Dutch NCSC predicts abuse of DNS server software BIND 9

NCSC warns against abuse of BIND 9 vulnerabilities that enable cache poisoning. Updates are available, and organizations must act quickly.

CVE-2025-40778 and CVE-2025-40780: Cache Poisoning Vulnerabilities in BIND 9 Expose DNS Servers to the Risk of Attacks | SOC Prime

Explore the CVE-2025-40778 and CVE-2025-40780 analysis, new BIND 9 Cache poisoning vulnerabilities, with the details on our SOC Prime blog.

Cache poisoning vulnerabilities found in 2 DNS resolving apps

At least one CVE could weaken defenses put in place following 2008 disclosure.

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by Ars Technica

  • Vulnerability published

  • Vulnerability Reserved

Credit

ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from Hebrew University of Jerusalem for bringing this vulnerability to our attention.