BIND DNS Security Update Advisory (CVE-2025-40778)

Overview

 

We have released a security update to address a vulnerability in BIND DNS. Affected product users are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-40778

 

BIND 9 Versions: 9.11.0 and earlier and 9.16.50 and earlier
BIND 9 Versions: 9.18.0 or later and 9.18.39 or earlier
BIND 9 Versions: 9.20.0 or later and 9.20.13 or earlier
BIND 9 versions: 9.21.0 or later and 9.21.12 or earlier
BIND 9 Supported Preview Edition versions: 9.11.3-S1 or later and 9.16.50-S1 or earlier
BIND 9 Supported Preview Edition versions: 9.18.11-S1 or later and 9.18.39-S1 or earlier
BIND 9 Supported Preview Edition versions: 9.20.9-S1 or later and 9.20.13-S1 or earlier

 

 

Resolved Vulnerabilities

 

Cache Data Forgery Vulnerability in BIND (CVE-2025-40778)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-40778

 

BIND 9 Version: 9.18.41
BIND 9 Version: 9.20.15
BIND 9 Version: 9.21.14
BIND 9 Supported Preview Edition Version: 9.18.41-S1
BIND 9 Supported Preview Edition Version: 9.20.15-S1

 

 

References

 

[1] CVE-2025-40778: Cache poisoning attacks with unsolicited RRs
https://kb.isc.org/docs/cve-2025-40778