The flaw, tracked as CVE-2025-13878, affects widely-used versions of the BIND name server daemon.
The vulnerability exists in BIND’s handling of malformed BRID (Boundary Router Identifier) and HHIT (Host Identity Tag) records.
When a vulnerable server processes these malicious records, the named daemon terminates unexpectedly rather than handling the error gracefully. This creates a reliable denial-of-service condition.
Attackers can exploit this vulnerability remotely without authentication or special privileges. Both authoritative DNS servers and recursive resolvers are affected, significantly expanding the potential attack surface.
The security flaw impacts multiple BIND 9 release branches across both stable and preview editions:
| BIND Edition | Vulnerable Versions | Patched Version |
|---|---|---|
| BIND 9 Stable | 9.18.40 through 9.18.43 | 9.18.44 |
| BIND 9 Stable | 9.20.13 through 9.20.17 | 9.20.18 |
| BIND 9 Development | 9.21.12 through 9.21.16 | 9.21.17 |
| BIND 9 Preview | 9.18.40-S1 through 9.18.43-S1 | 9.18.44-S1 |
| BIND 9 Preview | 9.20.13-S1 through 9.20.17-S1 | 9.20.18-S1 |
Organizations running any of these versions should treat this as an immediate patching priority.
| CVE ID | Description | Severity | CVSS Score | Attack Vector | Disclosed |
|---|---|---|---|---|---|
| CVE-2025-13878 | Malformed BRID/HHIT records cause named to terminate unexpectedly | High | 7.5 | Network/Remote | Jan 21, 2026 |
ISC assigned this vulnerability a CVSS v3.1 score of 7.5 (High severity). The complete vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates network-accessible exploitation with low complexity, no privileges required, and high impact on availability. No confidentiality or integrity impacts are present.
ISC has released security updates that address the malformed record handling vulnerability. System administrators must upgrade to the appropriate patched version immediately, as no workarounds exist.
The vulnerability was discovered by Vlatko Kosturjak from Marlink Cyber and disclosed responsibly to ISC.
While no active exploits have been detected in the wild, the simplicity of exploitation combined with BIND’s widespread deployment makes this a critical patching priority.
Organizations should treat this as an emergency update for all affected DNS infrastructure.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post BIND 9 Vulnerability Allows Attackers to Crash DNS Servers Using Malicious Records appeared first on Cyber Security News.
ROCKFORD, Ill. (WTVO) — The Community Action Garden grants are now available for all neighborhood,…
Illinois Lt. Gov. Juliana Stratton, backed by Gov. J.B. Pritzker, will face Republican Don Tracy…
The U.S. Capitol on March 3, 2026. (Photo by Jennifer Shutt/States Newsroom)WASHINGTON — U.S. Senate…
The Belvidere School Board has released survey regarding their Masters Facility Plans. A big question…
Darren Bailey has won the Republican nomination for Illinois Governor, promising to cut taxes, reduce…
The new trailer for Dune: Part 3 just dropped and it looks incredible. The third…
This website uses cookies.