A critical vulnerability in BIND 9 DNS resolvers (CVE-2025-40778) could allow remote attackers to manipulate DNS cache entries, leading to potential traffic redirection and malware distribution. Although not yet exploited in the wild, the availability of proof-of-concept code emphasizes the need for urgent patching. #CVE-2025-40778 #BIND9 #DNSCachePoisoning
Keypoints
- A high-severity vulnerability affects BIND 9 DNS resolvers, enabling cache poisoning.
- Attackers can inject forged DNS records to redirect users to malicious sites.
- The vulnerability impacts various BIND 9 versions, with fixes available in updated releases.
- Administrators are advised to patch immediately and follow best practices like DNSSEC validation.
- Monitoring cache activity and restricting recursion can help mitigate risks.
Read More: https://www.helpnetsecurity.com/2025/10/28/bind-9-vulnerability-cve-2025-40778-poc/