Red Hat: CVE-2025-5994: unbound: Unbound Cache poisoning (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Jul 16, 2025 | Jul 17, 2025 | Jun 12, 2026 |
Description
A cache poisoning flaw was found in Unbound. Resolvers supporting EDNS Client Subnet (ECS) must segregate outgoing queries to accommodate different outgoing ECS information. This segregation reopens resolvers to a birthday paradox attack, known as the Rebirthday Attack, which attempts to match the DNS transaction ID in order to get poisoned non-ECS replies cached.
Solutions
- redhat-upgrade-python3-unbound
- redhat-upgrade-python3-unbound-debuginfo
- redhat-upgrade-unbound
- redhat-upgrade-unbound-debuginfo
- redhat-upgrade-unbound-debugsource
- redhat-upgrade-unbound-devel
- redhat-upgrade-unbound-dracut
- redhat-upgrade-unbound-libs
- redhat-upgrade-unbound-libs-debuginfo