CVE-2025-40776
Published: July 17, 2025Last modified: August 6, 2025
Description
A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.6 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | NONE |
| Integrity impact | HIGH |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
Notes
This affects the subscription edition versions of the BIND 9 (-S suffix in the versions).
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | bind | Not affected (9.18.11-r0) |
| 25 LTS | bind | Fixed (9.20.11-r0) | |
| Stream | bind | Not affected (9.18.16-r0) |