vulnerability

FreeBSD: VID-b3948bf3-685e-11f0-bff5-6805ca2fa271 (CVE-2025-30192): powerdns-recursor -- cache pollution

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Jul 24, 2025	Jul 25, 2025	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Jul 24, 2025

Added

Jul 25, 2025

Modified

Dec 10, 2025

Description

PowerDNS Team reports: An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.

Solution

freebsd-upgrade-package-powerdns-recursor

References

CVE-2025-30192
https://attackerkb.com/topics/CVE-2025-30192
CWE-345

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today