vulnerability

Debian: CVE-2025-30192: pdns-recursor -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Jul 21, 2025	Jul 25, 2025	Aug 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Jul 21, 2025

Added

Jul 25, 2025

Modified

Aug 15, 2025

Description

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries.

The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers.

The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.

Solution

no-fix-debian-deb-package

References

CVE-2025-30192
https://attackerkb.com/topics/CVE-2025-30192
CWE-345

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today