CVE-2025-40778 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
isc	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

bind9

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	1:9.18.41-1~deb12u1 fixed
trixie	vulnerable
trixie (security)	1:9.20.15-1~deb13u1 fixed
forky	1:9.20.15-1 fixed
sid	1:9.20.15-2 fixed

Common Weakness Enumeration

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Vulnerability Media Exposure

[GERMAN] Internet Systems Consortium BIND: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um Dateien zu manipulieren und um einen Denial-of-Service-Zustand zu verursachen.
Published: 2025-10-22T22:00:00+00:00
[ENGLISH] ⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here’s how that false sense of security
Published: 2025-10-27T18:21:00+05:30
[GERMAN] BSI warnt vor Bind-Lücke: Daten unzähliger DNS-Server manipulierbar
Angreifer können via Cache-Poisoning Datenverkehr auf eigene Domains umleiten. Allein in Deutschland sind laut BSI rund 40.000 DNS-Server anfällig. ( Sicherheitslücke , Server-Applikationen )
Published: 2025-10-29T11:06:08+01:00
[GERMAN] DNS-Server BIND: Gefahr durch Proof-of-Concept-Exploit für Sicherheitslücke
Im DNS-Server BIND klaffen drei Sicherheitslücken. Ein öffentlicher Proof-of-Concept macht Angriffe wahrscheinlicher.
Published: 2025-10-29T07:42:00+00:00

References

https://kb.isc.org/docs/cve-2025-40778

https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918