BIND flaws could enable DNS cache poisoning; patches issued

The makers of the BIND DNS resolver warned on Wednesday of two vulnerabilities that can allow attackers to poison resolver caches and redirect users to malicious IP addresses. The flaws are tracked as CVE-2025-40778 and CVE-2025-40780, each assigned a severity of 8.6. Developers of the Unbound resolver issued a related warning about a separate flaw reported by the same researchers.

Successful exploitation can cause a resolver to replace legitimate IP addresses with attacker-controlled ones and serve those results to every client that relies on it; for example, the address cached for arstechnica.com could be swapped for a malicious one. Patches for the three reported vulnerabilities were released on Wednesday, and operators were urged to install them promptly.

The flaws revive concerns dating to Dan Kaminsky's 2008 DNS cache poisoning disclosure, which exploited the limited entropy of DNS transaction identifiers. DNS has historically run over unauthenticated UDP, so a resolver had only the 16-bit transaction ID to match a response to its query; the mitigations adopted after 2008 added randomized source ports, and together those changes made large-scale spoofing far more difficult.

BIND developers said one reported issue, CVE-2025-40780, stems from a weakness in the pseudo-random number generator that can, in specific conditions, allow an attacker to predict the source port and query ID a resolver will use. The other reported issue, CVE-2025-40778, involves a logic error that can make BIND permissive when accepting records, enabling forged data to be injected into cache during a query if other conditions are met.
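To make the two checks concrete, the following is an added example, not code from BIND or Unbound: it models the response-matching step (transaction ID plus source port) that the predictable-PRNG flaw weakens, and the bailiwick filtering that a permissive record-acceptance path would skip. The class and function names, the record tuple layout, and all addresses are constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field

# Added example, not BIND or Unbound code. Models the two resolver-side checks a
# forged UDP reply must pass before anything reaches the cache:
#  1. its transaction ID and destination port must match the outstanding query;
#  2. each record must be in bailiwick (at or below the zone the queried server
#     is authoritative for), so a reply from the example.com server cannot plant
#     an address for arstechnica.com. Names and addresses are constructed.

@dataclass
class Query:
    qname: str
    bailiwick: str   # zone the server we sent this query to is authoritative for
    txid: int = field(default_factory=lambda: secrets.randbelow(1 << 16))
    sport: int = field(default_factory=lambda: 1024 + secrets.randbelow(64512))

@dataclass
class Reply:
    txid: int
    dport: int       # port the reply arrived on; must equal the query's source port
    records: list    # (owner, rrtype, rdata) tuples

def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is the zone apex or a name below it ('' is the root zone)."""
    owner = owner.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return zone == "" or owner == zone or owner.endswith("." + zone)

def accept_records(q: Query, r: Reply) -> list:
    """Return the records a resolver may cache from r; [] if r is rejected.
    A txid or port mismatch drops the whole reply; out-of-bailiwick records are
    discarded individually, which is the check a permissive resolver would skip."""
    if r.txid != q.txid or r.dport != q.sport:
        return []
    return [rec for rec in r.records if in_bailiwick(rec[0], q.bailiwick)]

def spoof_search_space(port_bits: int = 16, txid_bits: int = 16) -> int:
    """Guesses a blind spoofer must cover per query window. With a predictable
    source port (port_bits=0) only the 16-bit txid remains: 2**16, not 2**32."""
    return 1 << (port_bits + txid_bits)

if __name__ == "__main__":
    q = Query("www.example.com.", "example.com.")
    forged = Reply(q.txid, q.sport, [("www.example.com.", "A", "192.0.2.10"),
                                     ("arstechnica.com.", "A", "192.0.2.66")])
    print(accept_records(q, forged))   # only the www.example.com record survives
```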

Vendors and observers noted limits on the potential impact. Authoritative name servers are not affected, and existing mitigations such as DNSSEC, rate limiting and firewalling remain effective. Red Hat said exploitation is non-trivial, requires network-level spoofing and precise timing, and classified CVE-2025-40780 as Important rather than Critical.

Because exploitation requires network spoofing and precise timing, and because the flaws affect cache integrity rather than compromising the servers themselves, administrators are advised to apply the available patches and maintain other best practices.