Red Hat: CVE-2025-40780: bind: Cache poisoning due to weak PRNG (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Oct 22, 2025 | Nov 6, 2025 | Jan 28, 2026 |
Description
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver’s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.
Solutions
- redhat-upgrade-bind
- redhat-upgrade-bind-chroot
- redhat-upgrade-bind-debuginfo
- redhat-upgrade-bind-debugsource
- redhat-upgrade-bind-devel
- redhat-upgrade-bind-dnssec-doc
- redhat-upgrade-bind-dnssec-utils
- redhat-upgrade-bind-dnssec-utils-debuginfo
- redhat-upgrade-bind-doc
- redhat-upgrade-bind-libs
- redhat-upgrade-bind-libs-debuginfo
- redhat-upgrade-bind-license
- redhat-upgrade-bind-utils
- redhat-upgrade-bind-utils-debuginfo
- redhat-upgrade-bind9-16
- redhat-upgrade-bind9-16-chroot
- redhat-upgrade-bind9-16-debuginfo
- redhat-upgrade-bind9-16-debugsource
- redhat-upgrade-bind9-16-devel
- redhat-upgrade-bind9-16-dnssec-utils
- redhat-upgrade-bind9-16-dnssec-utils-debuginfo
- redhat-upgrade-bind9-16-doc
- redhat-upgrade-bind9-16-libs
- redhat-upgrade-bind9-16-libs-debuginfo
- redhat-upgrade-bind9-16-license
- redhat-upgrade-bind9-16-utils
- redhat-upgrade-bind9-16-utils-debuginfo
- redhat-upgrade-bind9-18
- redhat-upgrade-bind9-18-chroot
- redhat-upgrade-bind9-18-debuginfo
- redhat-upgrade-bind9-18-debugsource
- redhat-upgrade-bind9-18-devel
- redhat-upgrade-bind9-18-dnssec-utils
- redhat-upgrade-bind9-18-dnssec-utils-debuginfo
- redhat-upgrade-bind9-18-doc
- redhat-upgrade-bind9-18-libs
- redhat-upgrade-bind9-18-libs-debuginfo
- redhat-upgrade-bind9-18-utils
- redhat-upgrade-bind9-18-utils-debuginfo
- redhat-upgrade-python3-bind
- redhat-upgrade-python3-bind9-16