CVE-2025-8677

HIGH

BIND <9.18.40-9.21.13 - DoS

Title source: llm

Description

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

References (2)

[Various Sources] https://kb.isc.org/docs/cve-2025-8677

[Mailing List] http://www.openwall.com/lists/oss-security/2025/10/22/1

Scores

CVSS v3 7.5

EPSS 0.0008

EPSS Percentile 24.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-405

Status published

Products (5)

ISC/BIND 9 9.18.0 - 9.18.39

ISC/BIND 9 9.18.11-S1 - 9.18.39-S1

ISC/BIND 9 9.20.0 - 9.20.13

ISC/BIND 9 9.20.9-S1 - 9.20.13-S1

ISC/BIND 9 9.21.0 - 9.21.12

Published Oct 22, 2025

Tracked Since Feb 18, 2026