CVE-2025-11411: Acceptance of Extraneous Untrusted Data With Trusted Data in Labs Unbound

Severity: 5.7 MEDIUM (NVD)
EPSS: 0.1% (top 78.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 22; Latest update Dec 2

Description

NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H

Affected Packages (3 packages)

Debian | nlnetlabs/unbound | < 1.13.1-1+deb11u7 | +3
Ubuntu | nlnetlabs/unbound | < 1.13.1-1ubuntu5.14 | +2
CVEListV5 | nlnet_labs/unbound | 1.24.1

Vulnerability Details (4)

OSV | unbound regression | 2025-12-02
OSV | CVE-2025-11411: NLnet Labs Unbound up to and including version 1 | 2025-10-22
CVEList | Possible domain hijacking via promiscuous records in the authority section | 2025-10-22
GHSA | GHSA-6w73-x38p-26g5: NLnet Labs Unbound up to and including version 1 | 2025-10-22

Vendor Advisories (6)

Ubuntu | Unbound regression | 2025-12-02
BSD | FreeBSD-SA-25:10.unbound: Cache poison in local-unbound service | 2025-11-26
Ubuntu | Unbound vulnerability | 2025-11-04
Red Hat | unbound: Unbound domain hijacking via promiscuous records | 2025-10-22
Microsoft | Possible domain hijacking via promiscuous records in the authority section | 2025-10-14
CVE-2025-11411 — Nlnet Labs Unbound vulnerability | cvebase