BIND Flaws Revive DNS Cache Poisoning Threat
Security researchers have uncovered cache poisoning vulnerabilities in two DNS-resolving applications, raising concerns about the return of a once-notorious attack method. The flaws, detailed under CVE-2025-40780, CVE-2025-40778, and CVE-2025-11411, affect BIND, the most widely used DNS software. They revive DNS threats similar to those addressed in 2008, when a major vulnerability led to widespread DNS patching and mitigation efforts.
The newly disclosed bugs could allow attackers to inject malicious data into DNS caches, potentially redirecting users to harmful sites. According to the disclosure, at least one of the vulnerabilities could undermine the protections built after the 2008 incident. With the BIND flaws reviving DNS risk scenarios once thought resolved, system administrators are being urged to apply security updates promptly and monitor for abnormal DNS behavior.
To access the full article and explore technical details of the vulnerabilities, visit the official report at:
https://arstechnica.com/security/2025/10/bind-warns-of-bugs-that-could-bring-dns-cache-attack-back-from-the-dead/
