Cache poisoning vulnerabilities found in 2 DNS resolving apps

Published: October 22, 2025

Source: Ars Technica

Categories: AR/VR
Tags: ai more resolving standard text vulnerabilities
Cyber security concept. Man using computer with system hacked alert due to cyber attack on computer network. Data Protection. Internet virus cyber security and cybercrime

Text settings Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only   Learn more Minimize to nav The makers of BIND, the Internet’s most widely used software for resolving domain names, are warning of two vulnerabilities that allow attackers to poison entire caches of results and send users to malicious destinations that are indistinguishable from the real ones. The vulnerabilities, tracked as CVE-2025-40778 and CVE-2025-40780, stem from a logic error and a weakness in generating pseudo-random numbers, respectively. They each carry a severity rating of 8.6. Separately, makers of the Domain Name System resolver software Unbound warned of similar vulnerabilities that were reported by the same…

Read more on Ars Technica

Related Articles