BIND 9 Vulnerability Allows Attackers to Crash DNS Servers Using Malicious Records

Internet Systems Consortium (ISC) has disclosed a critical vulnerability in BIND 9 that enables remote attackers to crash DNS servers by sending malformed records.

The flaw, tracked as CVE-2025-13878, affects widely used versions of the BIND name server daemon.

Attack Vector

The vulnerability exists in BIND’s handling of malformed BRID (Boundary Router Identifier) and HHIT (Host Identity Tag) records.

When a vulnerable server processes these malicious records, the named daemon terminates unexpectedly rather than handling the error gracefully. This creates a reliable denial-of-service condition.

Attackers can exploit this vulnerability remotely without authentication or special privileges. Both authoritative DNS servers and recursive resolvers are affected, significantly expanding the potential attack surface.

The security flaw impacts multiple BIND 9 release branches across both stable and preview editions:

| BIND Edition | Vulnerable Versions | Patched Version |
|---|---|---|
| BIND 9 Stable | 9.18.40 through 9.18.43 | 9.18.44 |
| BIND 9 Stable | 9.20.13 through 9.20.17 | 9.20.18 |
| BIND 9 Development | 9.21.12 through 9.21.16 | 9.21.17 |
| BIND 9 Preview | 9.18.40-S1 through 9.18.43-S1 | 9.18.44-S1 |
| BIND 9 Preview | 9.20.13-S1 through 9.20.17-S1 | 9.20.18-S1 |

Organizations running any of these versions should treat this as an immediate patching priority.

| CVE ID | Description | Severity | CVSS Score | Attack Vector | Disclosed |
|---|---|---|---|---|---|
| CVE-2025-13878 | Malformed BRID/HHIT records cause named to terminate unexpectedly | High | 7.5 | Network/Remote | Jan 21, 2026 |

ISC assigned this vulnerability a CVSS v3.1 score of 7.5 (High severity). The complete vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates network-accessible exploitation with low complexity, no privileges required, and high impact on availability. No confidentiality or integrity impacts are present.

ISC has released security updates that address the malformed record handling vulnerability. System administrators must upgrade to the appropriate patched version immediately, as no workarounds exist.

  • BIND 9.18 users: Upgrade to version 9.18.44
  • BIND 9.20 users: Upgrade to version 9.20.18
  • BIND 9.21 users: Upgrade to version 9.21.17
  • Preview Edition users: Apply corresponding S1 patched releases
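For triaging an inventory of servers against the ranges above, the following is an added example (not ISC's or the article's code) that classifies a version banner such as the output of `named -v`. The function name, status labels and sample banners are assumptions constructed for illustration; the version ranges are the ones listed in this article.

```python
import re

# Affected ranges and fixed releases, copied from the table in this article:
# (major, minor) -> (first affected patch, last affected patch, fixed patch)
AFFECTED = {
    (9, 18): (40, 43, 44),
    (9, 20): (13, 17, 18),
    (9, 21): (12, 16, 17),
}

# Matches "9.18.43" or "9.18.43-S1" anywhere in a banner string.
VERSION_RE = re.compile(r"\b(9)\.(\d+)\.(\d+)(-S\d+)?")


def classify(banner):
    """Return (status, upgrade_target) for a BIND version banner.

    status is one of (hypothetical labels):
      "vulnerable" - inside a range the article lists as affected
      "patched"    - at or above the fixed release for a listed branch
      "not-listed" - branch or release the article does not list
      "unknown"    - no BIND 9 version found in the string
    """
    m = VERSION_RE.search(banner)
    if not m:
        return ("unknown", None)
    major, minor, patch = int(m[1]), int(m[2]), int(m[3])
    preview = "-S1" if m[4] else ""  # article lists only -S1 preview builds
    branch = AFFECTED.get((major, minor))
    if branch is None:
        return ("not-listed", None)
    first, last, fixed = branch
    if first <= patch <= last:
        return ("vulnerable", f"{major}.{minor}.{fixed}{preview}")
    if patch >= fixed:
        return ("patched", None)
    return ("not-listed", None)  # older than the first affected release


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for line in [
        "BIND 9.18.41 (Extended Support Version) <id:0000000>",
        "BIND 9.20.17-S1 (Stable Release) <id:0000000>",
        "BIND 9.20.18 (Stable Release) <id:0000000>",
        "BIND 9.16.50 (Extended Support Version) <id:0000000>",
    ]:
        print(line.split(" (")[0], "->", classify(line))
```

Distribution packages can carry backported fixes under an older upstream version number, so a "vulnerable" result on a packaged build should be confirmed against the vendor's own advisory.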

The vulnerability was discovered by Vlatko Kosturjak from Marlink Cyber and disclosed responsibly to ISC.

While no active exploits have been detected in the wild, the simplicity of exploitation combined with BIND’s widespread deployment makes this a critical patching priority.

Organizations should treat this as an emergency update for all affected DNS infrastructure.


The post BIND 9 Vulnerability Allows Attackers to Crash DNS Servers Using Malicious Records appeared first on Cyber Security News.

