What is CVE-2025-40776?

CVE-2025-40776 is a high-severity vulnerability in Isc Bind 9, classified under CWE-349. CVSS score: 8.6/10. Published 2025-07-16.

How severe is CVE-2025-40776?

High severity. CVSS v3 base score is 8.6 out of 10.

Vulnerability in Isc Bind 9

CVE-2025-40776

A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20…

EPSS: 0.000 (15.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N.

Affected products

Isc Bind 9 — versions 9.11.3-S1, 9.18.11-S1, 9.20.9-S1

Weakness classification (CWE)

CWE-349

References

CVE-2025-40776 (vendor-advisory)

Frequently asked questions

What is CVE-2025-40776?: CVE-2025-40776 is a high-severity vulnerability in Isc Bind 9, classified under CWE-349. CVSS score: 8.6/10. Published 2025-07-16.
How severe is CVE-2025-40776?: High severity. CVSS v3 base score is 8.6 out of 10.