A critical security flaw affecting over 706,000 BIND 9 DNS resolvers exposes them to cache poisoning attacks that can inject forged DNS records. Immediate upgrades to patched versions are essential to prevent potential malicious redirection and data manipulation. #CVE-2025-40778 #ISC #BIND9
Key points
- The vulnerability CVE-2025-40778 allows remote attackers to poison DNS caches in BIND 9 resolvers.
- The flaw affects multiple versions of BIND 9, including some preview editions used by ISC support customers.
- There are currently no workarounds; organizations must upgrade to fixed versions to mitigate the risk.
- The attack exploits BIND's overly permissive behavior in accepting DNS responses, enabling injection of forged records.
- The widespread use of vulnerable BIND versions highlights the importance of prompt patching to secure internet infrastructure.
Read More: https://thecyberexpress.com/cve-2025-40778-flaw-exposes-706k-servers/