CVE-2025-59029 — Reachable Assertion in Recursor

CWE-617 — Reachable Assertion11 documents8 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 99.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Powerdns Recursor

Timeline

PublishedDec 9

Latest updateDec 17

Description

An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5powerdns/recursor5.3.0 — 5.3.2

▶NVDpowerdns/recursor5.3.0, 5.3.1+1

🔴Vulnerability Details

CVEList

Internal logic flaw in cache management can lead to a denial of service in PowerDNS Recursor↗2025-12-09

▶

OSV

CVE-2025-59029: An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a qu↗2025-12-09

▶

GHSA

GHSA-2gr2-cm9q-vr3v: An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a qu↗2025-12-09

▶

📋Vendor Advisories

Red Hat

PowerDNS: PowerDNS: Assertion failure due to crafted DNS records↗2025-12-09

▶

Debian

CVE-2025-59029: pdns-recursor - An attacker can trigger an assertion failure by requesting crafted DNS records, ...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-59029 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2025-59029 pdns: PowerDNS: Assertion failure due to crafted DNS records [fedora-42]↗2025-12-17

▶

Bugzilla

CVE-2025-59029 pdns: PowerDNS: Assertion failure due to crafted DNS records [fedora-43]↗2025-12-17

▶

Bugzilla

CVE-2025-59029 pdns-recursor: PowerDNS: Assertion failure due to crafted DNS records [fedora-43]↗2025-12-17

▶

Bugzilla

CVE-2025-59029 pdns-recursor: PowerDNS: Assertion failure due to crafted DNS records [fedora-42]↗2025-12-17

▶