CVE-2025-59029

EUVD-2025-201911
An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
OXCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
powerdnsrecursor
5.3.0
powerdnsrecursor
5.3.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pdns-recursor
bookworm
4.8.8-1+deb12u1
not-affected
bookworm (security)
4.8.8-1+deb12u1
fixed
bullseye
4.4.2-3
not-affected
forky
5.3.5-1
fixed
sid
5.3.5-1
fixed
trixie
5.2.7-0+deb13u1
not-affected
trixie (security)
5.2.8-0+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pdns-recursor
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-07.html