The flaw, tracked as CVE-2025-13878, affects widely used versions of the BIND name server daemon.
The vulnerability exists in BIND’s handling of malformed BRID (Boundary Router Identifier) and HHIT (Host Identity Tag) records.
When a vulnerable server processes these malicious records, the named daemon terminates unexpectedly rather than handling the error gracefully. This creates a reliable denial-of-service condition.
Attackers can exploit this vulnerability remotely without authentication or special privileges. Both authoritative DNS servers and recursive resolvers are affected, significantly expanding the potential attack surface.
The security flaw impacts multiple BIND 9 release branches across both stable and preview editions:
| BIND Edition | Vulnerable Versions | Patched Version |
|---|---|---|
| BIND 9 Stable | 9.18.40 through 9.18.43 | 9.18.44 |
| BIND 9 Stable | 9.20.13 through 9.20.17 | 9.20.18 |
| BIND 9 Development | 9.21.12 through 9.21.16 | 9.21.17 |
| BIND 9 Preview | 9.18.40-S1 through 9.18.43-S1 | 9.18.44-S1 |
| BIND 9 Preview | 9.20.13-S1 through 9.20.17-S1 | 9.20.18-S1 |
Organizations running any of these versions should treat this as an immediate patching priority.
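To triage a fleet against the table above, the following added example (not code from ISC or from the original article) classifies version strings such as the output of `named -v` or a `version.bind` answer. The banner formats, the sample strings, and the `check-vendor` status for packager-suffixed builds are assumptions made for illustration.

```python
import re

# Rows copied from the version table on this page:
# (first vulnerable, last vulnerable, edition suffix, patched release)
AFFECTED = [
    ((9, 18, 40), (9, 18, 43), "",    "9.18.44"),
    ((9, 20, 13), (9, 20, 17), "",    "9.20.18"),
    ((9, 21, 12), (9, 21, 16), "",    "9.21.17"),
    ((9, 18, 40), (9, 18, 43), "-S1", "9.18.44-S1"),
    ((9, 20, 13), (9, 20, 17), "-S1", "9.20.18-S1"),
]

# major.minor.patch, optional -S<n> preview tag, optional packager suffix
VERSION_RE = re.compile(r"\b(9)\.(\d+)\.(\d+)(-S\d+)?([-+~][\w.+~-]*)?")


def classify(banner):
    """Return (status, patched_release) for one version banner.

    status is "vulnerable", "check-vendor", "not-listed" or "unknown".
    """
    m = VERSION_RE.search(banner)
    if m is None:
        return ("unknown", None)
    version = tuple(int(part) for part in m.group(1, 2, 3))
    edition = m.group(4) or ""
    # Assumption: a packager suffix means a distribution build, which may
    # carry a backported fix under an unchanged upstream version number,
    # so it needs the vendor's advisory rather than a verdict from here.
    packaged = m.group(5) is not None
    for first, last, suffix, fixed in AFFECTED:
        if suffix == edition and first <= version <= last:
            return ("check-vendor" if packaged else "vulnerable", fixed)
    return ("not-listed", None)


# Constructed sample banners, not captured from real servers.
SAMPLES = [
    "BIND 9.18.41 (Extended Support Version) <id:constructed>",
    "9.20.17-S1",
    "BIND 9.18.43-0ubuntu0.22.04.1-Ubuntu <id:constructed>",
    "9.20.18",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(classify(banner), banner)
```

A `not-listed` result only means the version falls outside the ranges in the table above; it says nothing about other advisories.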
| CVE ID | Description | Severity | CVSS Score | Attack Vector | Disclosed |
|---|---|---|---|---|---|
| CVE-2025-13878 | Malformed BRID/HHIT records cause named to terminate unexpectedly | High | 7.5 | Network/Remote | Jan 21, 2026 |
ISC assigned this vulnerability a CVSS v3.1 score of 7.5 (High severity). The complete vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates network-accessible exploitation with low complexity, no privileges required, and high impact on availability. No confidentiality or integrity impacts are present.
ISC has released security updates that address the malformed record handling vulnerability. System administrators must upgrade to the appropriate patched version immediately, as no workarounds exist.
The vulnerability was discovered by Vlatko Kosturjak from Marlink Cyber and disclosed responsibly to ISC.
While no active exploits have been detected in the wild, the simplicity of exploitation combined with BIND’s widespread deployment makes this a critical patching priority.
Organizations should treat this as an emergency update for all affected DNS infrastructure.
The post BIND 9 Vulnerability Allows Attackers to Crash DNS Servers Using Malicious Records appeared first on Cyber Security News.