csaf_suse - suse-su-2025:4110-1

SUSE-SU-2025:4110-1

Vulnerability from csaf_suse - Published: 2025-11-14 15:56 - Updated: 2025-11-14 15:56

Summary

Security update for bind

Notes

Title of the patch

Security update for bind

Description of the patch

This update for bind fixes the following issues: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380).

Patchnames

SUSE-2025-4110,SUSE-SLE-Module-Basesystem-15-SP6-2025-4110,SUSE-SLE-Module-Server-Applications-15-SP6-2025-4110,openSUSE-SLE-15.6-2025-4110

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for bind",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for bind fixes the following issues:\n\n- CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378).\n- CVE-2025-40778: Address various spoofing attacks (bsc#1252379).\n- CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-4110,SUSE-SLE-Module-Basesystem-15-SP6-2025-4110,SUSE-SLE-Module-Server-Applications-15-SP6-2025-4110,openSUSE-SLE-15.6-2025-4110",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4110-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:4110-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254110-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:4110-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023287.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252378",
        "url": "https://bugzilla.suse.com/1252378"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252379",
        "url": "https://bugzilla.suse.com/1252379"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252380",
        "url": "https://bugzilla.suse.com/1252380"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40778 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40778/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40780 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40780/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8677 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8677/"
      }
    ],
    "title": "Security update for bind",
    "tracking": {
      "current_release_date": "2025-11-14T15:56:20Z",
      "generator": {
        "date": "2025-11-14T15:56:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:4110-1",
      "initial_release_date": "2025-11-14T15:56:20Z",
      "revision_history": [
        {
          "date": "2025-11-14T15:56:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.18.33-150600.3.18.1.aarch64",
                "product": {
                  "name": "bind-9.18.33-150600.3.18.1.aarch64",
                  "product_id": "bind-9.18.33-150600.3.18.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.18.33-150600.3.18.1.aarch64",
                "product": {
                  "name": "bind-utils-9.18.33-150600.3.18.1.aarch64",
                  "product_id": "bind-utils-9.18.33-150600.3.18.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.18.33-150600.3.18.1.i586",
                "product": {
                  "name": "bind-9.18.33-150600.3.18.1.i586",
                  "product_id": "bind-9.18.33-150600.3.18.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.18.33-150600.3.18.1.i586",
                "product": {
                  "name": "bind-utils-9.18.33-150600.3.18.1.i586",
                  "product_id": "bind-utils-9.18.33-150600.3.18.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-doc-9.18.33-150600.3.18.1.noarch",
                "product": {
                  "name": "bind-doc-9.18.33-150600.3.18.1.noarch",
                  "product_id": "bind-doc-9.18.33-150600.3.18.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.18.33-150600.3.18.1.ppc64le",
                "product": {
                  "name": "bind-9.18.33-150600.3.18.1.ppc64le",
                  "product_id": "bind-9.18.33-150600.3.18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.18.33-150600.3.18.1.ppc64le",
                "product": {
                  "name": "bind-utils-9.18.33-150600.3.18.1.ppc64le",
                  "product_id": "bind-utils-9.18.33-150600.3.18.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.18.33-150600.3.18.1.s390x",
                "product": {
                  "name": "bind-9.18.33-150600.3.18.1.s390x",
                  "product_id": "bind-9.18.33-150600.3.18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.18.33-150600.3.18.1.s390x",
                "product": {
                  "name": "bind-utils-9.18.33-150600.3.18.1.s390x",
                  "product_id": "bind-utils-9.18.33-150600.3.18.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.18.33-150600.3.18.1.x86_64",
                "product": {
                  "name": "bind-9.18.33-150600.3.18.1.x86_64",
                  "product_id": "bind-9.18.33-150600.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.18.33-150600.3.18.1.x86_64",
                "product": {
                  "name": "bind-utils-9.18.33-150600.3.18.1.x86_64",
                  "product_id": "bind-utils-9.18.33-150600.3.18.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
                  "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-server-applications:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.6",
                "product": {
                  "name": "openSUSE Leap 15.6",
                  "product_id": "openSUSE Leap 15.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.18.33-150600.3.18.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64"
        },
        "product_reference": "bind-utils-9.18.33-150600.3.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.18.33-150600.3.18.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le"
        },
        "product_reference": "bind-utils-9.18.33-150600.3.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.18.33-150600.3.18.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x"
        },
        "product_reference": "bind-utils-9.18.33-150600.3.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.18.33-150600.3.18.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64"
        },
        "product_reference": "bind-utils-9.18.33-150600.3.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.18.33-150600.3.18.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64"
        },
        "product_reference": "bind-9.18.33-150600.3.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.18.33-150600.3.18.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le"
        },
        "product_reference": "bind-9.18.33-150600.3.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.18.33-150600.3.18.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x"
        },
        "product_reference": "bind-9.18.33-150600.3.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.18.33-150600.3.18.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64"
        },
        "product_reference": "bind-9.18.33-150600.3.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-doc-9.18.33-150600.3.18.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch"
        },
        "product_reference": "bind-doc-9.18.33-150600.3.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.18.33-150600.3.18.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64"
        },
        "product_reference": "bind-9.18.33-150600.3.18.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.18.33-150600.3.18.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le"
        },
        "product_reference": "bind-9.18.33-150600.3.18.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.18.33-150600.3.18.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x"
        },
        "product_reference": "bind-9.18.33-150600.3.18.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.18.33-150600.3.18.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64"
        },
        "product_reference": "bind-9.18.33-150600.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-doc-9.18.33-150600.3.18.1.noarch as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch"
        },
        "product_reference": "bind-doc-9.18.33-150600.3.18.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.18.33-150600.3.18.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64"
        },
        "product_reference": "bind-utils-9.18.33-150600.3.18.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.18.33-150600.3.18.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le"
        },
        "product_reference": "bind-utils-9.18.33-150600.3.18.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.18.33-150600.3.18.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x"
        },
        "product_reference": "bind-utils-9.18.33-150600.3.18.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.18.33-150600.3.18.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
        },
        "product_reference": "bind-utils-9.18.33-150600.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-40778",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40778"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64",
          "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40778",
          "url": "https://www.suse.com/security/cve/CVE-2025-40778"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252379 for CVE-2025-40778",
          "url": "https://bugzilla.suse.com/1252379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64",
            "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64",
            "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-14T15:56:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40778"
    },
    {
      "cve": "CVE-2025-40780",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40780"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64",
          "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40780",
          "url": "https://www.suse.com/security/cve/CVE-2025-40780"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252380 for CVE-2025-40780",
          "url": "https://bugzilla.suse.com/1252380"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64",
            "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64",
            "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-14T15:56:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40780"
    },
    {
      "cve": "CVE-2025-8677",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8677"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x",
          "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64",
          "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x",
          "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8677",
          "url": "https://www.suse.com/security/cve/CVE-2025-8677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252378 for CVE-2025-8677",
          "url": "https://bugzilla.suse.com/1252378"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64",
            "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-9.18.33-150600.3.18.1.x86_64",
            "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.18.1.noarch",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.aarch64",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.ppc64le",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.s390x",
            "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-14T15:56:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8677"
    }
  ]
}

CVE-2025-40780 (GCVE-0-2025-40780)

Vulnerability from cvelistv5 – Published: 2025-10-22 15:48 – Updated: 2025-11-04 21:10

Summary

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-341 - Predictable from Observable State

Assigner

isc

References

URL

Tags

https://kb.isc.org/docs/cve-2025-40780

vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.16.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.39 (custom) Affected: 9.20.0 , ≤ 9.20.13 (custom) Affected: 9.21.0 , ≤ 9.21.12 (custom) Affected: 9.16.8-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.39-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.13-S1 (custom)

Credits

ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from Hebrew University of Jerusalem for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40780",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T17:27:36.366032Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T17:27:49.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:10:16.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.50",
              "status": "affected",
              "version": "9.16.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.12",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.50-S1",
              "status": "affected",
              "version": "9.16.8-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from Hebrew University of Jerusalem for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2025-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "BIND can be tricked into caching attacker responses, if the spoofing is successful."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-341",
              "description": "CWE-341 Predictable from Observable State",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T15:48:27.146Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2025-40780",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2025-40780"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.41, 9.20.15, 9.21.14, 9.18.41-S1, or 9.20.15-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Cache poisoning due to weak PRNG",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2025-40780",
    "datePublished": "2025-10-22T15:48:27.146Z",
    "dateReserved": "2025-04-16T08:44:49.857Z",
    "dateUpdated": "2025-11-04T21:10:16.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8677 (GCVE-0-2025-8677)

Vulnerability from cvelistv5 – Published: 2025-10-22 15:43 – Updated: 2025-11-04 21:15

Summary

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-405 - Asymmetric Resource Consumption (Amplification)

Assigner

isc

References

URL

Tags

https://kb.isc.org/docs/cve-2025-8677

vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.18.0 , ≤ 9.18.39 (custom) Affected: 9.20.0 , ≤ 9.20.13 (custom) Affected: 9.21.0 , ≤ 9.21.12 (custom) Affected: 9.18.11-S1 , ≤ 9.18.39-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.13-S1 (custom)

Credits

ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One Security and Privacy Laboratory at Nankai University for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8677",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T17:29:14.290863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T17:29:39.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:15:09.556Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.18.39",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.12",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One Security and Privacy Laboratory at Nankai University for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2025-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker could overwhelm the server, significantly impacting performance and leading to denial of service for legitimate clients."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T15:43:10.369Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2025-8677",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2025-8677"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.41, 9.20.15, 9.21.14, 9.18.41-S1, or 9.20.15-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Resource exhaustion via malformed DNSKEY handling",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2025-8677",
    "datePublished": "2025-10-22T15:43:10.369Z",
    "dateReserved": "2025-08-06T17:32:34.755Z",
    "dateUpdated": "2025-11-04T21:15:09.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40778 (GCVE-0-2025-40778)

Vulnerability from cvelistv5 – Published: 2025-10-22 15:47 – Updated: 2025-11-07 04:56

Summary

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

Assigner

isc

References

URL

Tags

https://kb.isc.org/docs/cve-2025-40778

vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.11.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.39 (custom) Affected: 9.20.0 , ≤ 9.20.13 (custom) Affected: 9.21.0 , ≤ 9.21.12 (custom) Affected: 9.11.3-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.39-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.13-S1 (custom)

Credits

ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan from Tsinghua University for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40778",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-06T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-07T04:56:12.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:10:14.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.50",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.12",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.50-S1",
              "status": "affected",
              "version": "9.11.3-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan from Tsinghua University for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2025-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Forged records can be injected into cache during a query, which can potentially affect resolution of future queries."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-349",
              "description": "CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T15:47:13.243Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2025-40778",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2025-40778"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.41, 9.20.15, 9.21.14, 9.18.41-S1, or 9.20.15-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Cache poisoning attacks with unsolicited RRs",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2025-40778",
    "datePublished": "2025-10-22T15:47:13.243Z",
    "dateReserved": "2025-04-16T08:44:49.857Z",
    "dateUpdated": "2025-11-07T04:56:12.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2025:4110-1

CVE-2025-40780 (GCVE-0-2025-40780)

CVE-2025-8677 (GCVE-0-2025-8677)

CVE-2025-40778 (GCVE-0-2025-40778)

Tags

Sightings

Nomenclature