[CIVN-2025-0280] Multiple Vulnerabilities in ISC Bind

Published On: October 25, 2025

Multiple Vulnerabilities in ISC Bind 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
BIND versions:
9.18.0 – 9.18.39
9.20.0 – 9.20.13
9.21.0 – 9.21.12
9.16.0 – 9.16.50
BIND Supported Preview Edition versions: 
9.18.11-S1 – 9.18.39-S1
9.20.9-S1 – 9.20.13-S1
9.16.8-S1 – 9.16.50-S1
Overview
Multiple vulnerabilities have been reported in ISC BIND, which could allow an attacker to perform DNS cache poisoning or cause denial-of-service (DoS) conditions on the targeted system.
Target Audience:
All individuals and organizations using affected ISC BIND versions.
Risk Assessment:
High risk of service disruption, DNS cache poisoning, and traffic redirection.
Impact Assessment:
Potential for DNS response manipulation, loss of DNS service availability.
Description
ISC BIND is an open-source DNS server software package that provides both authoritative and recursive DNS services.
These vulnerabilities exist in ISC BIND due to malformed DNSKEY records that can cause CPU exhaustion, a pseudo-random number generator (PRNG) weakness that allows prediction of source ports and query IDs, and lenient acceptance of records, enabling injection of forged data into the cache.
Successful exploitation of these vulnerabilities could allow an attacker to manipulate DNS responses (cache poisoning) or cause a denial-of-service condition due to CPU exhaustion on the targeted system.
Solution
Apply the necessary patches and updates as provided by ISC:
https://kb.isc.org/docs/cve-2025-8677
https://kb.isc.org/docs/cve-2025-40780
https://kb.isc.org/docs/cve-2025-40778
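To decide which servers need these updates, the ranges under Software Affected can be compared against the version string each server reports with `named -v`. The following is an added example, not code from CERT-In or ISC; the function names and the sample inventory are constructed for illustration, and a packaged (distribution) build may carry backported fixes, so a match there still needs to be confirmed with the package vendor.

```python
import re

# Ranges copied from the "Software Affected" list in this advisory (inclusive).
AFFECTED = [((9, 18, 0), (9, 18, 39)), ((9, 20, 0), (9, 20, 13)),
            ((9, 21, 0), (9, 21, 12)), ((9, 16, 0), (9, 16, 50))]
# Supported Preview Edition builds carry an -S<n> suffix and have their own ranges.
AFFECTED_PREVIEW = [((9, 18, 11), (9, 18, 39)), ((9, 20, 9), (9, 20, 13)),
                    ((9, 16, 8), (9, 16, 50))]

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-S\d+)?(-\S+)?")

def parse_version(text):
    """Return ((major, minor, patch), is_preview, packaging_suffix) or None."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    numbers = tuple(int(part) for part in m.group(1, 2, 3))
    return numbers, m.group(4) is not None, m.group(5)

def is_affected(text):
    """True if the version in `text` falls inside a range listed by the advisory."""
    parsed = parse_version(text)
    if parsed is None:
        raise ValueError(f"no BIND version found in {text!r}")
    numbers, preview, _ = parsed
    ranges = AFFECTED_PREVIEW if preview else AFFECTED
    return any(low <= numbers <= high for low, high in ranges)

def triage(inventory):
    """Map each host to a status based on its `named -v` output."""
    report = {}
    for host, banner in inventory.items():
        if not is_affected(banner):
            report[host] = "not listed"
        elif parse_version(banner)[2]:
            report[host] = "listed, packaged build: confirm vendor backports"
        else:
            report[host] = "listed"
    return report

# Constructed sample inventory: host name -> text in the shape printed by `named -v`.
SAMPLE = {
    "ns1.example": "BIND 9.18.39 (Extended Support Version) <id:constructed>",
    "ns2.example": "BIND 9.20.13-S1 (Stable Release) <id:constructed>",
    "ns3.example": "BIND 9.18.5-S1 (Extended Support Version) <id:constructed>",
    "ns4.example": "BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu <id:constructed>",
    "ns5.example": "BIND 9.21.13 (Development Release) <id:constructed>",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A result of "not listed" only means the version is outside the ranges this advisory names; it says nothing about other advisories or end-of-life releases.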
Vendor Information
ISC BIND
https://kb.isc.org/docs/cve-2025-8677
https://kb.isc.org/docs/cve-2025-40780
https://kb.isc.org/docs/cve-2025-40778
References
ISC BIND
https://kb.isc.org/docs/cve-2025-8677
https://kb.isc.org/docs/cve-2025-40780
https://kb.isc.org/docs/cve-2025-40778
CVE Name
CVE-2025-8677
CVE-2025-40780
CVE-2025-40778
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003