216.73.217.22

CVE-2025-40778

· Published 22/10/2025 16:15 · Modified 22/10/2025 21:12

Labels: CVE-2025-40778 2025-10-22CVE-2025-40778CWE-349[email protected]

Essential information

Published
22/10/2025 16:15
Modified
22/10/2025 21:12
Author
Creator
CVSS
8.6 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CVSS metrics

Description

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
isc / binder cpe:2.3:a:isc:binder:9.11.0-9.16.50:*:*:*:*:*:*:*
isc / binder cpe:2.3:a:isc:binder:9.18.0-9.18.39:*:*:*:*:*:*:*
isc / binder cpe:2.3:a:isc:binder:9.20.0-9.20.13:*:*:*:*:*:*:*
isc / binder cpe:2.3:a:isc:binder:9.21.0-9.21.12:*:*:*:*:*:*:*
isc / binder cpe:2.3:a:isc:binder:9.11.3-S1-9.16.50-S1:*:*:*:*:*:*:*
isc / binder cpe:2.3:a:isc:binder:9.18.11-S1-9.18.39-S1:*:*:*:*:*:*:*
isc / binder cpe:2.3:a:isc:binder:9.20.9-S1-9.20.13-S1:*:*:*:*:*:*:*

References