Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Warning: High-rated vulnerability in BIND 9 can lead to denial of service in DNS authoritative servers and resolvers, Patch Immediately!
Image
Gepubliceerd : 22/05/2025
Last update: 22/05/2025
Affected software:: BIND 9
Type: Denial of service
CVE/CVSS
→ CVE-2025-40775: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Sources
https://kb.isc.org/docs/cve-2025-40775
Risks
On 21 May 2025, the Internet Systems Consortium (ISC) published a security advisory regarding CVE-2025-40775. This vulnerability affects BIND 9 and can be exploited to perform denial of service. Exploitation of this vulnerability can have a high impact on availability.
BIND is the most used software for Domain Name System (DNS) servers. DNS is a core technology of the internet as it translates human-readable domain names into IP addresses and vice-versa.
There is a flaw in BIND 9 that affects authoritative servers and resolvers. When successfully exploited, servers and resolvers could crash. A remote threat actor could exploit this vulnerability to prevent users from reaching their desired internet resources.
ISC is not aware of active exploitation (cut-off date: 22 May 2025).
Description
CVE-2025-40775 is an improper handling of undefined values flaw affecting BIND 9. This flaw lies in the way that the DNS protocol checks the Transaction Signature (TSIG) value included in incoming messages. When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.
A remote attacker could exploit this vulnerability to send specific messages to the BIND server so as to cause it to terminate unexpectedly.
Please note that authoritative servers and resolvers are affected by this vulnerability.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
No workarounds are known (cut-off date: 22 May 2025).
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via:< https://ccb.belgium.be/cert/report-incident>.