Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2025-5994

Acceptance of Extraneous Untrusted Data With Trusted Data

Published: Jul 16, 2025 | Modified: Jul 17, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2025-5994
CWEhttps://cwe.mitre.org/data/definitions/349.html

A multi-vendor cache poisoning vulnerability named Rebirthday Attack has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., –enable-subnet, AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the send-client-subnet, client-subnet-zone or client-subnet-always-forward options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.

Weakness

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Affected Software

Name Vendor Start Version End Version
Red Hat Enterprise Linux 10 RedHat unbound-0:1.20.0-12.el10_0 *
Red Hat Enterprise Linux 8 RedHat unbound-0:1.16.2-5.9.el8_10 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat unbound-0:1.7.3-12.el8_2.2 *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support RedHat unbound-0:1.7.3-15.el8_4.2 *
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On RedHat unbound-0:1.7.3-15.el8_4.2 *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support RedHat unbound-0:1.7.3-17.el8_6.6 *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service RedHat unbound-0:1.7.3-17.el8_6.6 *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions RedHat unbound-0:1.7.3-17.el8_6.6 *
Red Hat Enterprise Linux 8.8 Telecommunications Update Service RedHat unbound-0:1.16.2-5.el8_8.5 *
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions RedHat unbound-0:1.16.2-5.el8_8.5 *
Red Hat Enterprise Linux 9 RedHat unbound-0:1.16.2-19.el9_6.1 *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions RedHat unbound-0:1.13.1-13.el9_0.5 *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions RedHat unbound-0:1.16.2-3.el9_2.5 *
Red Hat Enterprise Linux 9.4 Extended Update Support RedHat unbound-0:1.16.2-8.el9_4.2 *
Red Hat OpenShift Container Platform 4.13 RedHat rhcos *
Red Hat OpenShift Container Platform 4.14 RedHat rhcos *
Red Hat OpenShift Container Platform 4.17 RedHat rhcos *
Red Hat OpenShift Container Platform 4.18 RedHat rhcos *
Red Hat OpenShift Container Platform 4.19 RedHat rhcos *
Red Hat OpenShift Container Platform 4.20 RedHat rhcos *
Unbound Ubuntu devel *
Unbound Ubuntu jammy *
Unbound Ubuntu noble *
Unbound Ubuntu plucky *
Unbound Ubuntu questing *
Unbound Ubuntu upstream *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use