• Home
  • cyber
  • Internet Systems Consortium: BIND 9 Vulnerability Allows Attackers to Crash DNS Servers Using Malicious Records
cyber Vulnerability

Internet Systems Consortium: BIND 9 Vulnerability Allows Attackers to Crash DNS Servers Using Malicious Records

Jun 16, 2025 2 min read
Internet Systems Consortium: BIND 9 Vulnerability Allows Attackers to Crash DNS Servers Using Malicious Records

Critical BIND 9 Vulnerability (CVE-2025-13878) Enables Remote DNS Server Crashes

The Internet Systems Consortium (ISC) has disclosed a high-severity vulnerability in BIND 9, tracked as CVE-2025-13878, that allows remote attackers to crash DNS servers by sending malformed BRID (Boundary Router Identifier) and HHIT (Host Identity Tag) records. The flaw causes the named daemon to terminate unexpectedly, resulting in a denial-of-service (DoS) condition.

The vulnerability affects multiple BIND 9 release branches, including stable, development, and preview editions. Exploitation requires no authentication or special privileges, making it accessible to any attacker with network access. Both authoritative DNS servers and recursive resolvers are impacted, broadening the potential attack surface.

Affected Versions & Patches

The following BIND 9 versions are vulnerable, with patched releases available:

BIND Edition Vulnerable Versions Patched Version
BIND 9 Stable 9.18.40 – 9.18.43 9.18.44
BIND 9 Stable 9.20.13 – 9.20.17 9.20.18
BIND 9 Development 9.21.12 – 9.21.16 9.21.17
BIND 9 Preview 9.18.40-S1 – 9.18.43-S1 9.18.44-S1
BIND 9 Preview 9.20.13-S1 – 9.20.17-S1 9.20.18-S1

Technical Details

  • CVE ID: CVE-2025-13878
  • Severity: High (CVSS 7.5)
  • Attack Vector: Network/Remote (no authentication required)
  • Impact: Availability (DoS), no confidentiality or integrity risks
  • Disclosure Date: January 21, 2026

The vulnerability was discovered by Vlatko Kosturjak of Marlink Cyber and responsibly disclosed to ISC. While no active exploits have been observed, the ease of exploitation and BIND’s widespread use make this a critical patching priority. ISC has released fixes, and no workarounds exist affected systems must be upgraded immediately.

Source: https://cyberpress.org/bind-9-vulnerability/

Internet Systems Consortium cybersecurity rating report: https://www.rankiteo.com/company/internet-systems-consortium

"id": "INT1769088576",
"linkid": "internet-systems-consortium",
"type": "Vulnerability",
"date": "6/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'customers_affected': 'Users of BIND 9 DNS servers '
                                              '(versions 9.18.40–9.18.43, '
                                              '9.20.13–9.20.17, '
                                              '9.21.12–9.21.16, '
                                              '9.18.40-S1–9.18.43-S1, '
                                              '9.20.13-S1–9.20.17-S1)',
                        'industry': 'Technology/Internet Infrastructure',
                        'name': 'Internet Systems Consortium (ISC)',
                        'type': 'Organization'}],
 'attack_vector': 'Network/Remote',
 'date_publicly_disclosed': '2026-01-21',
 'description': 'The Internet Systems Consortium (ISC) has disclosed a '
                'high-severity vulnerability in BIND 9, tracked as '
                'CVE-2025-13878, that allows remote attackers to crash DNS '
                'servers by sending malformed BRID (Boundary Router '
                'Identifier) and HHIT (Host Identity Tag) records. The flaw '
                'causes the named daemon to terminate unexpectedly, resulting '
                'in a denial-of-service (DoS) condition. The vulnerability '
                'affects multiple BIND 9 release branches, including stable, '
                'development, and preview editions. Exploitation requires no '
                'authentication or special privileges, making it accessible to '
                'any attacker with network access. Both authoritative DNS '
                'servers and recursive resolvers are impacted.',
 'impact': {'operational_impact': 'Denial-of-Service (DoS) condition',
            'systems_affected': 'DNS servers (authoritative and recursive '
                                'resolvers)'},
 'post_incident_analysis': {'corrective_actions': 'Patch management and '
                                                  'immediate upgrades to fixed '
                                                  'BIND 9 versions',
                            'root_causes': 'Malformed BRID and HHIT records '
                                           'causing unexpected termination of '
                                           'the named daemon'},
 'recommendations': 'Upgrade affected BIND 9 DNS servers to the latest patched '
                    'versions immediately. No workarounds exist for this '
                    'vulnerability.',
 'references': [{'source': 'Internet Systems Consortium (ISC)'},
                {'source': 'Vlatko Kosturjak of Marlink Cyber'}],
 'response': {'containment_measures': 'Upgrade to patched versions (9.18.44, '
                                      '9.20.18, 9.21.17, 9.18.44-S1, '
                                      '9.20.18-S1)',
              'remediation_measures': 'Apply patches for affected BIND 9 '
                                      'versions'},
 'title': 'Critical BIND 9 Vulnerability (CVE-2025-13878) Enables Remote DNS '
          'Server Crashes',
 'type': 'Denial-of-Service (DoS)',
 'vulnerability_exploited': 'CVE-2025-13878'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.