Security Advisory

CVE-2025-40778

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-22 15:47:13

Last updated 2026-02-26 16:57:13

Assigner isc

State PUBLISHED

Description

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

← Browse all CVEs View on cve.org ↗