706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online - PoC Released
Category:Vulnerabilities / DNS Security
A critical flaw, CVE-2025-40778, affects over 706,000 exposed BIND 9 resolver instances. The vulnerability enables off-path attackers to inject forged DNS records due to improper bailiwick checks. With a CVSS score of 8.6, it allows cache poisoning attacks redirecting users to malicious domains. Though no active exploitation has been confirmed, a proof-of-concept exploit was released, raising global urgency for patching. ISC advises immediate updates to versions 9.18.41 or later and restricting recursive queries to trusted clients.
CORTEX Protocol Intelligence Assessment
Business Impact: This DNS vulnerability exposes ISPs and enterprises to large-scale redirection and data theft risks. Critical infrastructure relying on recursive DNS may face disruption and traffic interception. Technical Context: Exploitation leverages cache poisoning by injecting unsolicited records via spoofed DNS responses. ISC’s patch strengthens bailiwick enforcement and response validation.
Strategic Intelligence Guidance
- Patch immediately to 9.18.41 or later.
- Restrict recursion to internal or ACL-approved clients.
- Enable DNSSEC validation across all resolvers.
- Monitor cache anomalies and enforce rate limiting.
CVEs
Vendors
Threats
Targets
Intelligence Source: 706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online - PoC Released | Oct 26, 2025