CVE 8.6 HIGH

Cache poisoning due to weak PRNG_CVE-2025-40780

October 22, 2025 invoker category_cve

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Description

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.
This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

AI Analysis

Cache poisoning vulnerability due to weak PRNG in BIND 9

Basic Information

ID CVE-2025-40780

Source isc

Published Oct 22, 2025 at 15:48

Modified Oct 22, 2025 at 17:27

Affected Product

Vendor ISC

Product BIND 9

Version 9.16.0

Affected Versions ISC BIND 9 9.16.0
ISC BIND 9 9.18.0
ISC BIND 9 9.20.0
ISC BIND 9 9.21.0
ISC BIND 9 9.16.8-S1
ISC BIND 9 9.18.11-S1
ISC BIND 9 9.20.9-S1

CWE Classification

CWE-341

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor ISC

Product BIND 9

Version 9.16.0-9.16.50, 9.18.0-9.18.39, 9.20.0-9.20.13, 9.21.0-9.21.12, 9.16.8-S1-9.16.50-S1, 9.18.11-S1-9.18.39-S1, 9.20.9-S1-9.20.13-S1

References

kb.isc.org /docs/cve-2025-40780

{
    "lastseen": "",
    "description": "In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.",
    "published": "2025-10-22T15:48:27.146Z",
    "modified": "2025-10-22T17:27:49.476Z",
    "type": "cve",
    "title": "Cache poisoning due to weak PRNG",
    "source": "isc",
    "references": "https://kb.isc.org/docs/cve-2025-40780",
    "id": "CVE-2025-40780",
    "bulletinFamily": "",
    "cwe": [
        "CWE-341"
    ],
    "cvelist": null,
    "sourceData": "ISC BIND 9 9.16.0\nISC BIND 9 9.18.0\nISC BIND 9 9.20.0\nISC BIND 9 9.21.0\nISC BIND 9 9.16.8-S1\nISC BIND 9 9.18.11-S1\nISC BIND 9 9.20.9-S1",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BIND 9",
    "version": "9.16.0",
    "vendor": "ISC",
    "ai_description": "Cache poisoning vulnerability due to weak PRNG in BIND 9",
    "ai_severity": "High",
    "ai_vendor": "ISC",
    "ai_product": "BIND 9",
    "ai_version": "9.16.0-9.16.50, 9.18.0-9.18.39, 9.20.0-9.20.13, 9.21.0-9.21.12, 9.16.8-S1-9.16.50-S1, 9.18.11-S1-9.18.39-S1, 9.20.9-S1-9.20.13-S1",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply