CVE Vulnerabilities

CVE-2025-8677

Asymmetric Resource Consumption (Amplification)

Published: Oct 22, 2025 | Modified: Jun 17, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Weakness

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary’s influence is “asymmetric.”

Affected Software

NameVendorStart VersionEnd Version
Red Hat Enterprise Linux 10RedHatbind-32:9.18.33-4.el10_0.2*
Red Hat Enterprise Linux 10RedHatbind-32:9.18.33-10.el10_1.2*
Red Hat Enterprise Linux 9RedHatbind9.18-32:9.18.29-4.el9_6.2*
Red Hat Enterprise Linux 9RedHatbind9.18-32:9.18.29-5.el9_7.2*
Red Hat Enterprise Linux 9RedHatbind-32:9.16.23-40.el9_8.1*
Red Hat OpenShift Container Platform 4.12RedHatrhcos-412.86.202601061735-0*
Red Hat OpenShift Container Platform 4.13RedHatrhcos-413.92.202601130113-0*
Red Hat OpenShift Container Platform 4.14RedHatrhcos-414.92.202601191325-0*
Red Hat OpenShift Container Platform 4.15RedHatrhcos-415.92.202601271320-0*
Red Hat OpenShift Container Platform 4.16RedHatrhcos-416.94.202601071926-0*
Red Hat OpenShift Container Platform 4.17RedHatrhcos-417.94.202601120213-0*
Red Hat OpenShift Container Platform 4.18RedHatrhcos-418.94.202601071817-0*
Red Hat OpenShift Container Platform 4.19RedHatrhcos-4.19.9.6.202601130152-0*
Red Hat OpenShift Container Platform 4.20RedHatrhcos-4.20.9.6.202601052146-0*
Red Hat Discovery 2RedHatdiscovery/discovery-ui-rhel9:2.4.0-1763656152*
Red Hat Hardened ImagesRedHatbind-main-9.18.48-1.hum1*
Bind9Ubuntudevel*
Bind9Ubuntuesm-infra/bionic*
Bind9Ubuntuesm-infra/focal*
Bind9Ubuntuesm-infra/xenial*
Bind9Ubuntujammy*
Bind9Ubuntunoble*
Bind9Ubuntuplucky*
Bind9Ubuntuquesting*
Bind9Ubunturesolute*
Bind9Ubuntuupstream*
Isc-dhcpUbuntuplucky*
Isc-dhcpUbuntuquesting*

Potential Mitigations

References