Alpaquita Linux Stream Security Advisory

CVE-2025-40776

Published: July 17, 2025
Last modified: July 18, 2025

Description

A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.

Severity score breakdown

| Parameter | Value |
| --- | --- |
| Base score | 8.6 |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | NONE |
| Integrity impact | HIGH |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |

Notes

This affects the subscription edition of BIND 9 (versions with the -S suffix).

Status

| Product | Release | Package | Status |
| --- | --- | --- | --- |
| Alpaquita Linux | 23 LTS | bind | Not affected (9.18.11-r0) |
| Alpaquita Linux | Stream | bind | Not affected (9.18.16-r0) |
