CVE-2025-59023
published 2026-02-09CVE-2025-59023: Crafted delegations or IP fragments can poison cached delegations in Recursor.
PriorityP345high8.2CVSS 3.1
AVNACLPRNUINSUCNIHAL
EPSS
0.27%
18.2th percentile
Crafted delegations or IP fragments can poison cached delegations in Recursor.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pdns-recursor | < pdns-recursor 5.3.1-1 (forky) | pdns-recursor 5.3.1-1 (forky) |
| powerdns | recursor | >= 5.1.0 < 5.1.8 | 5.1.8 |
| powerdns | recursor | >= 5.2.0 < 5.2.6 | 5.2.6 |
| powerdns | recursor | >= 5.3.0 < 5.3.1 | 5.3.1 |
CVSS provenance
nvdv3.18.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
osv8.2HIGH
vendor_debian8.2HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2025-59023: Crafted delegations or IP fragments can poison cached delegations in Recursor
osv·2026-02-09·CVSS 8.2
CVE-2025-59023 [HIGH] CVE-2025-59023: Crafted delegations or IP fragments can poison cached delegations in Recursor
Crafted delegations or IP fragments can poison cached delegations in Recursor.
GHSA
GHSA-jgvp-6mmr-4mrw: Crafted delegations or IP fragments can poison cached delegations in Recursor
ghsa_unreviewed·2026-02-09
CVE-2025-59023 [HIGH] GHSA-jgvp-6mmr-4mrw: Crafted delegations or IP fragments can poison cached delegations in Recursor
Crafted delegations or IP fragments can poison cached delegations in Recursor.
Debian
CVE-2025-59023: pdns-recursor - Crafted delegations or IP fragments can poison cached delegations in Recursor.
vendor_debian·2025·CVSS 8.2
CVE-2025-59023 [HIGH] CVE-2025-59023: pdns-recursor - Crafted delegations or IP fragments can poison cached delegations in Recursor.
Crafted delegations or IP fragments can poison cached delegations in Recursor.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 5.3.1-1)
sid: resolved (fixed in 5.3.1-1)
trixie: resolved (fixed in 5.2.6-0+deb13u1)
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-59023 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2025-59023 [HIGH] CVE-2025-59023 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-59023 :
Linux Debian vulnerability analysis and mitigation
Crafted delegations or IP fragments can poison cached delegations in Recursor.
Source : NVD
## 8.2
Score
Published February 9, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
Linux Debian
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pdns-recursor
Sources
NVD
Alpine 3.22, edge Severity HIGH Has Fix Added at: Oct 23, 2025
Alpine 3.23 Severity HIGH Has Fix Added at: Dec 04, 2025
Debian 11, 12 Severity HIGH No Fix Added at: Oct 23, 2025
Debian 13, 14 Severity HIGH Has Fix Added at: Oct 23, 2025
Echo Severity HIGH Ha
Bugzilla
CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [fedora-42]
bugzilla·2026-02-09·CVSS 8.2
CVE-2025-59023 [HIGH] CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [fedora-42]
CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintaine
Bugzilla
CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [epel-9]
bugzilla·2026-02-09·CVSS 8.2
CVE-2025-59023 [HIGH] CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [epel-9]
CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [epel-8]
bugzilla·2026-02-09·CVSS 8.2
CVE-2025-59023 [HIGH] CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [epel-8]
CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [epel-8]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [fedora-43]
bugzilla·2026-02-09·CVSS 8.2
CVE-2025-59023 [HIGH] CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [fedora-43]
CVE-2025-59023 pdns-recursor: crafted delegations or IP fragments can poison cached delegations [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-34cca3d390 (pdns-recursor-5.2.11-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-34cca3d390
---
FEDORA-2026-088b60c071 (pdns-recursor-5.4.3-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-088b60c071
---
FEDORA-EPEL-2026-fa6af7decc (pdns-recursor-5.4.3-1.el10_2) has been submitted as an update to Fedora EPEL 10.2.
https:
2026-02-09
Published