In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

vendor_unpatched cve-2025-40780: Unpatched CVEs for Red Hat Enterprise Linux, CentOS Linux (cve-2025-40780)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-5a73e9e251 advisory.

    # Update to 9.18.41 (rhbz#2405786)

    ## Security fixes:
    - DNSSEC validation fails if matching but invalid DNSKEY is found.
    ([CVE-2025-8677](https://kb.isc.org/docs/cve-2025-8677))
    - Address various spoofing attacks. ([CVE-2025-40778](https://kb.isc.org/docs/cve-2025-40778))
    - Cache-poisoning due to weak pseudo-random number generator.
    ([CVE-2025-40780](https://kb.isc.org/docs/cve-2025-40780))

    ## New Features:
    - Support for parsing HHIT and BRID records has been added.

    ## Removed Features:
    - Deprecate the tkey-domain statement.
    - Deprecate the tkey-gssapi-credential statement.

    ## Bug Fixes:
    - Prevent spurious SERVFAILs for certain 0-TTL resource records.
    - Missing DNSSEC information when CD bit is set in query.

    https://downloads.isc.org/isc/bind9/9.18.41/doc/arm/html/notes.html#notes-for-bind-9-18-41


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the bindutils package has been released.

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6033 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6033-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     October 23, 2025                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : bind9     CVE ID         : CVE-2025-8677 CVE-2025-40778 CVE-2025-40780

    Several vulnerabilities were discovered in BIND, a DNS server     implementation, which may result in cache poisoning or denial of service.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 1:9.18.41-1~deb12u1.

    For the stable distribution (trixie), these problems have been fixed in     version 1:9.20.15-1~deb13u1.

    We recommend that you upgrade your bind9 packages.

    For the detailed security status of bind9 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/bind9

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7836-1 advisory.

    Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain malformed DNSKEY records. A remote     attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of     service. (CVE-2025-8677)

    Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that Bind incorrectly accepted certain     records from answers. A remote attacker could possibly use this issue to perform a cache poisoning attack.
    (CVE-2025-40778)

    Amit Klein and Omer Ben Simhon discovered that Bind used a weak PRNG. A remote attacker could possibly use     this issue to perform a cache poisoning attack. (CVE-2025-40780)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of bind installed on the remote host is prior to 9.18.41 / 9.20.15. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-295-01 advisory.

    New bind packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the bind security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
271421	Fedora 44 : bind / bind-dyndb-ldap (2025-5a73e9e251)	Nessus	Fedora Local Security Checks	high
271399	Photon OS 5.0: Bindutils PHSA-2025-5.0-0652	Nessus	PhotonOS Local Security Checks	high
271361	Debian dsa-6033 : bind9 - security update	Nessus	Debian Local Security Checks	high
271258	Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Bind vulnerabilities (USN-7836-1)	Nessus	Ubuntu Local Security Checks	high
271217	Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2025-295-01)	Nessus	Slackware Local Security Checks	high

Detections

Analytics

CVE-2025-40780

high

Tenable Plugins

Coming Soon

high

high

high

high

high