
CVE-2025-5994: Unbound and other caching resolvers are vulnerable to DNS cache poisoning

CVE-2025-5994
Summary

A security weakness has been found in some DNS servers that could allow attackers to manipulate the answers users receive. It affects Unbound and other caching resolvers that speed up DNS lookups by caching responses. To address the issue, ensure that these servers are not configured to send EDNS Client Subnet (ECS) information along with the queries they forward to upstream name servers.

Original title
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ...
Original description
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate different outgoing ECS information. This re-opens resolvers to a birthday paradox attack (the Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.
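The configuration half of the condition above can be audited from unbound.conf. The following is an added example written for this page, not code from the advisory or the Unbound project; the two configuration snippets are constructed, and the check deliberately covers only the configured options, not whether the binary was built with '--enable-subnet'.

```python
import re

# Options named in the advisory that cause Unbound to send ECS upstream.
ECS_UPSTREAM_OPTIONS = (
    "send-client-subnet",
    "client-subnet-zone",
    "client-subnet-always-forward",
)


def parse_unbound_options(conf_text):
    """Collect 'option: value' pairs from unbound.conf text, ignoring comments.

    Returns {option: [values]} because some options (e.g. send-client-subnet)
    may legitimately appear more than once.
    """
    options = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        match = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip().strip('"')
        options.setdefault(key, []).append(value)
    return options


def ecs_upstream_exposure(conf_text):
    """Return the configured settings that make this resolver send ECS upstream.

    An empty list means none of the advisory's three options is active;
    'client-subnet-always-forward: no' is the off setting and is not reported.
    """
    options = parse_unbound_options(conf_text)
    findings = []
    for name in ECS_UPSTREAM_OPTIONS:
        for value in options.get(name, []):
            if name == "client-subnet-always-forward" and value.lower() == "no":
                continue
            if value:
                findings.append(f"{name}: {value}")
    return findings


# Constructed sample: an exposed configuration and its corrected counterpart.
WEAK_CONF = """server:
    interface: 0.0.0.0
    send-client-subnet: 192.0.2.53   # constructed upstream address
    client-subnet-zone: example.com
    client-subnet-always-forward: no
"""
SAFE_CONF = WEAK_CONF.replace("    send-client-subnet", "    # send-client-subnet") \
                     .replace("    client-subnet-zone", "    # client-subnet-zone")
```

Running `ecs_upstream_exposure` over each snippet reports the two active ECS options for WEAK_CONF and nothing for SAFE_CONF, which is the configuration state the advisory's mitigation asks for.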
NVD CVSS 4.0: 8.7
Vulnerability type
CWE-349
Published: 16 Jul 2025 · Updated: 16 Jun 2026 · First seen: 7 Mar 2026