
CVE-2025-40776

HIGH
Published 2025-07-16T13:41:01.337Z

CVSS Score

V3.1: 8.6/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED

Impact Metrics

Confidentiality: NONE
Integrity: HIGH
Availability: NONE

Description

A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack.
This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

ENISA Analysis

A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack.
This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.

Affected Products (ENISA)

isc
bind 9

ENISA Scoring

CVSS Score (3.1)

8.6/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS Score

0.010 (probability)

Data provided by ENISA EU Vulnerability Database. Last updated: July 22, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-2hm8-9847-q7gc

Advisory Details

A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Advisory provided by GitHub Security Advisory Database. Published: July 16, 2025, Modified: July 16, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

3 posts
Reddit 1 day, 1 hour ago
crstux
Exploit

🔥 Top 10 Trending CVEs (01/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53558](https://nvd.nist.gov/vuln/detail/CVE-2025-53558)** - 📝 n/a - 📈 **CVSS:** 0 - 🧭 **Vector:** n/a - ⚠️ **Priority:** n/a - 📝 **Analysis:** No Information available for this CVE at the moment --- **2. [CVE-2025-54576](https://nvd.nist.gov/vuln/detail/CVE-2025-54576)** …

Reddit 1 week, 1 day ago
Steve_Dobbs_69

CVE-2025-40776: Cache-Poisoning Attack Vulnerability in BIND 9

Reddit 2 weeks, 2 days ago
michaelpaoli

Re: New BIND releases are available: 9.18.38, 9.20.11, 9.21.10
[https://lists.isc.org/pipermail/bind-announce/2025-July/001277.html](https://lists.isc.org/pipermail/bind-announce/2025-July/001277.html)
> Wed Jul 16 13:32:45 UTC 2025
> In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities (CVE-2025-40776, CVE-2025-40777), about which more information is provided in the following Security Advisories: [https://kb.isc.org/docs/cve-2025-40776](https://kb.isc.org/docs/cve-2025-40776) [https://kb.isc.org/docs/cve-2025-40777](https://kb.isc.org/docs/cve-2025-40777)
> On Jul …

Also mentions: CVE-2025-40777

References

Published: 2025-07-16T13:41:01.337Z
Last Modified: 2025-07-22T14:55:04.420Z