cbcvebase.
CVE-2025-40780
published 2025-10-22

High 8.6 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | bind9 | < bind9 1:9.18.41-1~deb12u1 (bookworm) | bind9 1:9.18.41-1~deb12u1 (bookworm) |
| isc | bind | >= 0 < 9.18.41-r0 | 9.18.41-r0 |
| isc | bind | >= 0 < 9.18.41-r0 | 9.18.41-r0 |
| isc | bind | >= 0 < 9.18.41-r0 | 9.18.41-r0 |
| isc | bind | >= 0 < 9.20.15-r0 | 9.20.15-r0 |
| isc | bind | >= 0 < 9.20.15-r0 | 9.20.15-r0 |
| isc | bind9 | >= 0 < 1:9.16.50-1~deb11u4 | 1:9.16.50-1~deb11u4 |
| isc | bind9 | >= 0 < 1:9.18.41-1~deb12u1 | 1:9.18.41-1~deb12u1 |
| isc | bind9 | >= 0 < 1:9.20.15-1~deb13u1 | 1:9.20.15-1~deb13u1 |
| isc | bind9 | >= 0 < 1:9.20.15-1 | 1:9.20.15-1 |
| isc | bind9 | >= 0 < 1:9.18.39-0ubuntu0.22.04.2 | 1:9.18.39-0ubuntu0.22.04.2 |
| isc | bind9 | >= 0 < 1:9.18.39-0ubuntu0.24.04.2 | 1:9.18.39-0ubuntu0.24.04.2 |
| isc | bind9 | >= 0 < 1:9.20.11-1ubuntu2.1 | 1:9.20.11-1ubuntu2.1 |
| isc | bind9 | >= 0 < 1:9.18.30-0ubuntu0.20.04.2+esm1 | 1:9.18.30-0ubuntu0.20.04.2+esm1 |
| isc | bind_9 | 9.16.0 – 9.16.50 | |
| isc | bind_9 | 9.16.8-S1 – 9.16.50-S1 | |
| isc | bind_9 | 9.18.0 – 9.18.39 | |
| isc | bind_9 | 9.18.11-S1 – 9.18.39-S1 | |
| isc | bind_9 | 9.20.0 – 9.20.13 | |
| isc | bind_9 | 9.20.9-S1 – 9.20.13-S1 | |
| isc | bind_9 | 9.21.0 – 9.21.12 | |
| msrc | azl3_bind_9.20.11-1_on_azure_linux_3.0 | | |
| msrc | azl3_bind_9.20.15-1_on_azure_linux_3.0 | | |
| msrc | cbl2_bind_9.16.50-2_on_cbl_mariner_2.0 | | |

CVSS provenance

nvd: v3.1, 8.6 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
osv: 8.6 HIGH