{
  "threat_severity" : "Important",
  "public_date" : "2025-10-22T00:00:00Z",
  "bugzilla" : {
    "description" : "bind: Cache poisoning attacks with unsolicited RRs",
    "id" : "2405827",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-347",
  "details" : [ "Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.", "A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers." ],
  "statement" : "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important — but not Critical — severity rating.\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments—especially those exposed to untrusted clients or open resolvers.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19912",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "bind-32:9.18.33-4.el10_0.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:21034",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "bind-32:9.18.33-10.el10_1.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23414",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "bind-32:9.8.2-0.68.rc1.el6_10.17"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-11-26T00:00:00Z",
    "advisory" : "RHSA-2025:22205",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "bind-32:9.11.4-26.P2.el7_9.19"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-11-05T00:00:00Z",
    "advisory" : "RHSA-2025:19793",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "bind9.16-32:9.16.23-0.22.el8_10.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19835",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "bind-32:9.11.36-16.el8_10.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19835",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "bind-32:9.11.36-16.el8_10.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-11-19T00:00:00Z",
    "advisory" : "RHSA-2025:21741",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "bind-32:9.11.13-6.el8_2.11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-11-19T00:00:00Z",
    "advisory" : "RHSA-2025:21740",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "bind-32:9.11.26-4.el8_4.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-11-19T00:00:00Z",
    "advisory" : "RHSA-2025:21740",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "bind-32:9.11.26-4.el8_4.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-11-19T00:00:00Z",
    "advisory" : "RHSA-2025:21736",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "bind-32:9.11.36-3.el8_6.11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-11-26T00:00:00Z",
    "advisory" : "RHSA-2025:22168",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "bind9.16-32:9.16.23-0.7.el8_6.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-11-19T00:00:00Z",
    "advisory" : "RHSA-2025:21736",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "bind-32:9.11.36-3.el8_6.11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-11-26T00:00:00Z",
    "advisory" : "RHSA-2025:22168",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "bind9.16-32:9.16.23-0.7.el8_6.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-11-19T00:00:00Z",
    "advisory" : "RHSA-2025:21736",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "bind-32:9.11.36-3.el8_6.11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-11-26T00:00:00Z",
    "advisory" : "RHSA-2025:22168",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "bind9.16-32:9.16.23-0.7.el8_6.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-11-19T00:00:00Z",
    "advisory" : "RHSA-2025:21735",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "bind-32:9.11.36-8.el8_8.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-11-24T00:00:00Z",
    "advisory" : "RHSA-2025:21939",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "bind9.16-32:9.16.23-0.14.el8_8.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-11-19T00:00:00Z",
    "advisory" : "RHSA-2025:21735",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "bind-32:9.11.36-8.el8_8.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-11-24T00:00:00Z",
    "advisory" : "RHSA-2025:21939",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "bind9.16-32:9.16.23-0.14.el8_8.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-10T00:00:00Z",
    "advisory" : "RHSA-2025:19950",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "bind9.18-32:9.18.29-4.el9_6.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-10T00:00:00Z",
    "advisory" : "RHSA-2025:19951",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "bind-32:9.16.23-31.el9_6.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21110",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "bind-32:9.16.23-34.el9_7.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21111",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "bind9.18-32:9.18.29-5.el9_7.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-11-20T00:00:00Z",
    "advisory" : "RHSA-2025:21889",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "bind-32:9.16.23-1.el9_0.11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-11-20T00:00:00Z",
    "advisory" : "RHSA-2025:21887",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "bind-32:9.16.23-11.el9_2.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-11-20T00:00:00Z",
    "advisory" : "RHSA-2025:21817",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "bind-32:9.16.23-18.el9_4.10"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.12",
    "release_date" : "2026-01-15T00:00:00Z",
    "advisory" : "RHSA-2026:0316",
    "cpe" : "cpe:/a:redhat:openshift:4.12::el8",
    "package" : "rhcos-412.86.202601061735-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0677",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el9",
    "package" : "rhcos-413.92.202601130113-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.14",
    "release_date" : "2026-01-30T00:00:00Z",
    "advisory" : "RHSA-2026:0996",
    "cpe" : "cpe:/a:redhat:openshift:4.14::el9",
    "package" : "rhcos-414.92.202601191325-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.15",
    "release_date" : "2026-02-05T00:00:00Z",
    "advisory" : "RHSA-2026:1541",
    "cpe" : "cpe:/a:redhat:openshift:4.15::el9",
    "package" : "rhcos-415.92.202601271320-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.16",
    "release_date" : "2026-01-15T00:00:00Z",
    "advisory" : "RHSA-2026:0326",
    "cpe" : "cpe:/a:redhat:openshift:4.16::el9",
    "package" : "rhcos-416.94.202601071926-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.17",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0702",
    "cpe" : "cpe:/a:redhat:openshift:4.17::el9",
    "package" : "rhcos-417.94.202601120213-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.18",
    "release_date" : "2026-01-15T00:00:00Z",
    "advisory" : "RHSA-2026:0332",
    "cpe" : "cpe:/a:redhat:openshift:4.18::el9",
    "package" : "rhcos-418.94.202601071817-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.19",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0674",
    "cpe" : "cpe:/a:redhat:openshift:4.19::el9",
    "package" : "rhcos-4.19.9.6.202601130152-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.20",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0420",
    "cpe" : "cpe:/a:redhat:openshift:4.20::el9",
    "package" : "rhcos-4.20.9.6.202601052146-0"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.36.0-11"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-data-index-postgresql-rhel8:1.36.0-11"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-db-migrator-tool-rhel8:1.36.0-11"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.36.0-10"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.36.0-10"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.36.0-4"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-management-console-rhel8:1.36.0-9"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-operator-bundle:1.36.0-12"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-rhel8-operator:1.36.0-18"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-swf-builder-rhel8:1.36.0-11"
  }, {
    "product_name" : "RHOSS-1.36-RHEL-8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0934",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8",
    "package" : "openshift-serverless-1/logic-swf-devmode-rhel8:1.36.0-7"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2025-11-24T00:00:00Z",
    "advisory" : "RHSA-2025:21994",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-ui-rhel9:sha256:310df392f638ef6eca1a26db024ae2cb617db5932f886d2acddc92fb7289e740"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40778\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40778" ],
  "name" : "CVE-2025-40778",
  "mitigation" : {
    "value" : "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
    "lang" : "en:us"
  },
  "csaw" : false
}