ISC Product Security Update Advisory (CVE-2025-40776)

Jul 29 2025

Overview

We have released security updates to fix vulnerabilities in ISC products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-40776

BIND Supported Preview Edition Versions: 9.11.3-S1 or earlier and 9.16.50-S1 or earlier
BIND Supported Preview Edition Versions: 9.18.11-S1 or later and 9.18.37-S1 or earlier
BIND Supported Preview Edition versions: 9.20.9-S1 or later and 9.20.10-S1 or earlier

Resolved Vulnerabilities

Cache Poisoning Vulnerability in BIND Supported Preview Edition (CVE-2025-40776)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-40776

BIND Supported Preview Edition Version: 9.18.38-S1
BIND Supported Preview Edition Version: 9.20.11-S1

References

[1] CVE-2025-40776: Birthday Attack against Resolvers supporting ECS
https://kb.isc.org/docs/cve-2025-40776

ISC Product Security Update Advisory (CVE-2025-40776)

Sophos product security update advisory

Citrix Product Security Update Advisory

Tags:

Sophos product security update advisory

Citrix Product Security Update Advisory