What is CVE-2025-40780?

CVE-2025-40780 is a high-severity vulnerability in Isc Bind 9, classified under CWE-341. CVSS score: 8.6/10. Published 2025-10-22.

How severe is CVE-2025-40780?

High severity. CVSS v3 base score is 8.6 out of 10.

Vulnerability in Isc Bind 9

CVE-2025-40780

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 th…

EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N.

Affected products

Isc Bind 9 — versions 9.16.0, 9.18.0, 9.20.0

Weakness classification (CWE)

CWE-341

References

CVE-2025-40780 (vendor-advisory)

Frequently asked questions

What is CVE-2025-40780?: CVE-2025-40780 is a high-severity vulnerability in Isc Bind 9, classified under CWE-341. CVSS score: 8.6/10. Published 2025-10-22.
How severe is CVE-2025-40780?: High severity. CVSS v3 base score is 8.6 out of 10.