ISC Patches BIND Flaws Enabling DNS Cache Attacks
The Internet Systems Consortium has rolled out security updates for BIND 9, addressing three high-severity vulnerabilities that could allow attackers to launch cache poisoning and denial-of-service attacks. The ISC Patches BIND Flaws to prevent exploitation of these issues, which pose significant risks to DNS infrastructure if left unpatched.
Among the disclosed vulnerabilities are CVE-2025-40777 and CVE-2025-40778, both of which could enable attackers to manipulate DNS cache entries. Another flaw, CVE-2025-40780, could be exploited to crash affected servers, triggering service disruptions. In total, ISC acknowledged and patched nine vulnerabilities, signaling a broad effort to strengthen BIND 9’s security posture.
Administrators are urged to apply the latest updates without delay, as the ISC Patches BIND Flaws to mitigate active threats targeting widely deployed DNS servers. Failing to update may leave systems exposed to manipulation and outages.
For a detailed breakdown of the vulnerabilities and patch information, visit the official article: