CVE-2025-40776

Summary

A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.

Affected Software

VendorProductVersion RangeStatus
ISCBIND 99.11.3-S1 <= 9.16.50-S1affected
ISCBIND 99.18.11-S1 <= 9.18.37-S1affected
ISCBIND 99.20.9-S1 <= 9.20.10-S1affected
ISCBIND 99.0.0 <= 9.20.10unaffected

Weaknesses

  • CWE-349: CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data

Workarounds

Disable ECS in BIND by removing the ecs-zones option from named.conf.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References