Denial of Service Vulnerability in CoreDNS by Cloudflare
CVE-2025-47950
7.5 HIGH
What is CVE-2025-47950?
CoreDNS, a flexible DNS server known for its plugin architecture, contains a denial-of-service vulnerability in its DNS-over-QUIC (DoQ) implementation. Versions before 1.12.2 allow a remote, unauthenticated attacker to open a large number of QUIC streams, each of which consumes server memory; the resulting memory exhaustion can crash the server, particularly in environments with limited resources. The patch in version 1.12.2 limits the number of concurrent streams and handles them through a bounded worker pool, so the server stays responsive under high stream loads instead of exhausting memory. For deployments that cannot upgrade, mitigations include disabling QUIC support, applying container resource limits, and monitoring stream patterns for anomalies.
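To make the fix concrete, here is an added Go simulation (not CoreDNS code; the function name, the 1000-stream burst and the limit of 32 are constructed for illustration) of the two worker models: an unbounded worker per stream, where the peak number of in-flight streams equals whatever the client offers, and a semaphore-bounded pool, where surplus streams queue and the peak never exceeds the configured limit.

```go
package main

import "sync"

// serveBurst models `offered` DNS-over-QUIC streams arriving at once and returns how
// many were processed and the most that were in flight simultaneously (a proxy for
// peak memory). limit <= 0 means every stream gets its own worker immediately, the
// unbounded pre-1.12.2 behaviour; otherwise a semaphore of `limit` slots bounds the
// workers and surplus streams queue. Each stream holds its slot until release is
// closed, which makes the measured peak deterministic.
func serveBurst(offered, limit int) (handled, peak int) {
	if limit <= 0 || limit > offered {
		limit = offered // no effective bound
	}
	slots := make(chan struct{}, limit) // counting semaphore for worker slots
	admitted := make(chan struct{}, offered)
	release := make(chan struct{})
	var mu sync.Mutex
	var wg sync.WaitGroup
	active := 0
	for i := 0; i < offered; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			slots <- struct{}{} // blocks while every worker slot is busy
			defer func() { <-slots }()
			mu.Lock()
			active++
			if active > peak {
				peak = active
			}
			mu.Unlock()
			admitted <- struct{}{}
			<-release // simulate a slow query holding its stream state
			mu.Lock()
			active--
			handled++
			mu.Unlock()
		}()
	}
	for i := 0; i < limit; i++ {
		<-admitted // wait until the first wave of workers is fully in flight
	}
	close(release)
	wg.Wait()
	return handled, peak
}
```

With a bound in place every stream is still eventually served, but the number resident at once (and so the memory held) is capped, which is the property the 1.12.2 patch restores.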
Affected Version(s)
coredns < 1.12.2