Red Hat: CVE-2025-40778: bind: Cache poisoning attacks with unsolicited RRs (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Oct 22, 2025 | Nov 6, 2025 | Jan 28, 2026 |
Description
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
Solutions
- redhat-upgrade-bind
- redhat-upgrade-bind-chroot
- redhat-upgrade-bind-debuginfo
- redhat-upgrade-bind-debugsource
- redhat-upgrade-bind-devel
- redhat-upgrade-bind-dnssec-doc
- redhat-upgrade-bind-dnssec-utils
- redhat-upgrade-bind-dnssec-utils-debuginfo
- redhat-upgrade-bind-doc
- redhat-upgrade-bind-export-devel
- redhat-upgrade-bind-export-libs
- redhat-upgrade-bind-export-libs-debuginfo
- redhat-upgrade-bind-libs
- redhat-upgrade-bind-libs-debuginfo
- redhat-upgrade-bind-libs-lite
- redhat-upgrade-bind-libs-lite-debuginfo
- redhat-upgrade-bind-license
- redhat-upgrade-bind-lite-devel
- redhat-upgrade-bind-pkcs11
- redhat-upgrade-bind-pkcs11-debuginfo
- redhat-upgrade-bind-pkcs11-devel
- redhat-upgrade-bind-pkcs11-libs
- redhat-upgrade-bind-pkcs11-libs-debuginfo
- redhat-upgrade-bind-pkcs11-utils
- redhat-upgrade-bind-pkcs11-utils-debuginfo
- redhat-upgrade-bind-sdb
- redhat-upgrade-bind-sdb-chroot
- redhat-upgrade-bind-sdb-debuginfo
- redhat-upgrade-bind-utils
- redhat-upgrade-bind-utils-debuginfo
- redhat-upgrade-bind9-16
- redhat-upgrade-bind9-16-chroot
- redhat-upgrade-bind9-16-debuginfo
- redhat-upgrade-bind9-16-debugsource
- redhat-upgrade-bind9-16-devel
- redhat-upgrade-bind9-16-dnssec-utils
- redhat-upgrade-bind9-16-dnssec-utils-debuginfo
- redhat-upgrade-bind9-16-doc
- redhat-upgrade-bind9-16-libs
- redhat-upgrade-bind9-16-libs-debuginfo
- redhat-upgrade-bind9-16-license
- redhat-upgrade-bind9-16-utils
- redhat-upgrade-bind9-16-utils-debuginfo
- redhat-upgrade-bind9-18
- redhat-upgrade-bind9-18-chroot
- redhat-upgrade-bind9-18-debuginfo
- redhat-upgrade-bind9-18-debugsource
- redhat-upgrade-bind9-18-devel
- redhat-upgrade-bind9-18-dnssec-utils
- redhat-upgrade-bind9-18-dnssec-utils-debuginfo
- redhat-upgrade-bind9-18-doc
- redhat-upgrade-bind9-18-libs
- redhat-upgrade-bind9-18-libs-debuginfo
- redhat-upgrade-bind9-18-utils
- redhat-upgrade-bind9-18-utils-debuginfo
- redhat-upgrade-python3-bind
- redhat-upgrade-python3-bind9-16