BIND 9 Vulnerability in DNSKEY Record Processing by ISC
CVE-2025-8677

7.5HIGH

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 22 October 2025

Badges

👾 Exploit Exists

What is CVE-2025-8677?

The vulnerability allows an attacker to exploit specifically crafted DNSKEY records within a zone to initiate queries, potentially leading to excessive CPU consumption. This can impact the performance and availability of the affected BIND 9 servers. Administrators should ensure they are using updated versions and apply recommended security measures to mitigate this issue.

Affected Version(s)

BIND 9 9.18.0 <= 9.18.39

BIND 9 9.20.0 <= 9.20.13

BIND 9 9.21.0 <= 9.21.12

References

https://kb.isc.org/docs/cve-2025-8677

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Oct 22, 2025
Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Aug 6, 2025

Credit

ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One Security and Privacy Laboratory at Nankai University for bringing this vulnerability to our attention.

JSON

Isc

Badges

What is CVE-2025-8677?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit