Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-40777

HIGH
Published 2025-07-16T17:38:06.370Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-40777. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Description

If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.
This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1.

Available Exploits

No exploits available for this CVE.

Related News

CVE-2025-40777: A possible assertion failure when using the 'stale-answer-client-timeout 0' option (ISC, 2025.07.16)

BIND 9.20.x / 9.21.x ャserve-stale-enable yes stale-answer-client-timeout 0 (❼serve-stale-enable no stale-answer-client-timeout off )劫㍾羈 CNAME ァ若В羆阪絽悟篋 CVE-2025-40777 BIND 9.20.11 / 9.21.10 т信罩c serve-stale-enable no stale-answer-client-timeout off ┃絎с …

Ryukoku.ac.jp 2025-07-16 15:00
Read More

Affected Products

ISC

BIND 9

Affected Versions:

9.20.0 9.21.0 9.20.9-S1 9.18.0 9.18.11-S1

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.
This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1.

Affected Products (ENISA)

isc
bind 9

ENISA Scoring

CVSS Score (3.1)

7.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.020
probability

ENISA References

https://kb.isc.org/docs/cve-2025-40777

Data provided by ENISA EU Vulnerability Database. Last updated: July 18, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-4x4c-8qp9-8ggh

Advisory Details

If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-40777
WEB https://kb.isc.org/docs/cve-2025-40777

Advisory provided by GitHub Security Advisory Database. Published: July 16, 2025, Modified: July 16, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

1 post
Reddit 2 months ago
michaelpaoli

Re: New BIND releases are available: 9.18.38, 9.20.11, 9.21.10 [https://lists.isc.org/pipermail/bind-announce/2025-July/001277.html](https://lists.isc.org/pipermail/bind-announce/2025-July/001277.html) >Wed Jul 16 13:32:45 UTC 2025 >In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities (CVE-2025-40776, CVE-2025-40777), about which more information is provided in the following Security Advisories: [https://kb.isc.org/docs/cve-2025-40776](https://kb.isc.org/docs/cve-2025-40776) [https://kb.isc.org/docs/cve-2025-40777](https://kb.isc.org/docs/cve-2025-40777) \> On Jul …

Also mentions: CVE-2025-40776
8
8.0
View Original

References

https://kb.isc.org/docs/cve-2025-40777
Published: 2025-07-16T17:38:06.370Z
Last Modified: 2025-07-18T14:25:48.883Z
Copied to clipboard!