CVE-2025-40780

CWE-341 CWE-33812 documents8 sources

Severity

8.6HIGH

EPSS

0.0%

top 93.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind 9

Timeline

PublishedOct 22

Latest updateNov 12

Description

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

▶Alpinebind< 9.18.41-r0+4

▶Debianbind9< 1:9.16.50-1~deb11u4+3

▶CVEListV5isc/bind_99.16.0 — 9.16.50+6

🔴Vulnerability Details

OSV

bind9 vulnerabilities↗2025-11-12

▶

OSV

CVE-2025-40780: In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the↗2025-10-22

▶

CVEList

Cache poisoning due to weak PRNG↗2025-10-22

▶

OSV

CVE-2025-40780: In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the↗2025-10-22

▶

GHSA

GHSA-j3w4-m6qj-vmm5: In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the↗2025-10-22

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2025-11-12

▶

Red Hat

bind: Cache poisoning due to weak PRNG↗2025-10-22

▶

Ubuntu

Bind vulnerabilities↗2025-10-22

▶

Microsoft

Cache poisoning due to weak PRNG↗2025-10-14

▶

Debian

CVE-2025-40780: bind9 - In specific circumstances, due to a weakness in the Pseudo Random Number Generat...↗2025

▶