Cache poisoning vulnerabilities found in 2 DNS resolving apps

22 October 2025

Upgrade to Custom Cursor Pro for exclusive features!
Cache poisoning vulnerabilities found in 2 DNS resolving apps

At least one CVE could weaken defenses put in place following 2008 disclosure.

The makers of BIND, the Internet’s most widely used software for resolving domain names, are warning of two vulnerabilities that allow attackers to poison entire caches of results and send users to malicious destinations that are indistinguishable from the real ones.

The vulnerabilities, tracked as CVE-2025-40778 and CVE-2025-40780, stem from a logic error and a weakness in generating pseudo-random numbers, respectively. They each carry a severity rating of 8.6. Separately, makers of the Domain Name System resolver software Unbound warned of similar vulnerabilities that were reported by the same researchers. The unbound vulnerability severity score is 5.6

Revisiting Kaminsky’s cache poisoning attack

The vulnerabilities can be exploited to cause DNS resolvers located inside thousands of organizations to replace valid results for domain lookups with corrupted ones. The corrupted results would replace the IP addresses controlled by the domain name operator (for instance, 3.15.119.63 for arstechnica.com) with malicious ones controlled by the attacker. Patches for all three vulnerabilities became available on Wednesday.

In 2008, researcher Dan Kaminsky revealed one of the more severe Internet-wide security threats ever. Known as DNS cache poisoning, it made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industry-wide coordination, thousands of DNS providers around the world—in coordination with makers of browsers and other client applications—implemented a fix that averted this doomsday scenario.

The vulnerability was the result of DNS’s use of UDP packets. Because they’re sent in only one direction, there was no way for DNS resolvers to use passwords or other forms of credentials when communicating with “authoritative servers,” meaning those that have been officially designated to provide IP lookups for a given top-level domain such as .com. What’s more, UDP traffic is generally trivial to spoof, meaning it’s easy to send UDP packets that appear to come from a source other than their true origin.

Discover our latest cursor collections and enhance your browsing today!

Related Posts

You might also enjoy these articles on similar topics:

In comedy of errors, men accused of wiping gov databases turned to an AI tool

In comedy of errors, men accused of wiping gov databases turned to an AI tool

Read More
Engineer proves that Kohler’s smart toilet cameras aren’t very private

Engineer proves that Kohler’s smart toilet cameras aren’t very private

Read More
Researchers find what makes AI chatbots politically persuasive

Researchers find what makes AI chatbots politically persuasive

Read More
Why won’t Steam Machine support HDMI 2.1? Digging in on the display standard drama.

Why won’t Steam Machine support HDMI 2.1? Digging in on the display standard drama.

Read More
Advertisement: Try Custom Cursor Pro now!

Our Products

Custom Cursor Trail - Custom Cursor Helper

Custom Cursor Trail - Custom Cursor Helper

Leave a lasting impression - Cursor Trail paints your path in luminous strokes, marrying dynamic motion with elegant design for every movement.

View Product
Cookie Clicker - Idle Browser Simulation

Cookie Clicker - Idle Browser Simulation

Engage millions in addictive baking fun - Cookie Clicker ramps up user retention with layered upgrades and strategic progression in an idle format.

View Product
Custom Cursor Trail - Interactive Effects

Custom Cursor Trail - Interactive Effects

Stand out with Custom Cursor Trail - a Chrome extension that traces your pointer in vivid effects to captivate visitors and boost brand recall.

View Product
Custom Cursor Pro - Custom Cursor

Custom Cursor Pro - Custom Cursor

Elevate your Chrome experience with Custom Cursor Pro: a premium suite of handcrafted cursors engineered for performance, style, and seamless integration.

View Product
Custom Cursor Changer

Custom Cursor Changer

Inject personality into your pointer - Custom Cursor Changer lets you switch between dozens of vibrant designs in a single click, boosting engagement and fun.

View Product
Cursor Space for Google Chrome

Cursor Space for Google Chrome

Transform your browser into a cosmic playground - Cursor Space introduces galaxy-inspired pointers that add immersive flair without sacrificing speed or usability.

View Product
Minesweeper for Chrome - Logic Puzzle

Minesweeper for Chrome - Logic Puzzle

Revitalize a classic with Minesweeper for Chrome - an engaging logic puzzle that enhances site interaction and encourages multiple playthroughs.

View Product
Custom Cursor App - Custom Cursor

Custom Cursor App - Custom Cursor

Discover a versatile cursor toolkit - Custom Cursor App delivers an expansive library of high-resolution pointers that blend flawless aesthetics with lightning-fast performance.

View Product
PiggyBank Money Clicker - Idle Cash Game

PiggyBank Money Clicker - Idle Cash Game

Boost engagement with PiggyBank Money Clicker - a browser idle game where every click yields virtual cash, driving session length and repeat visits.

View Product
Cursor Trails - Custom Cursor Trails

Cursor Trails - Custom Cursor Trails

Enrich each click with graceful motion - Cursor Trails offers a refined collection of animated effects to elevate both style and usability.

View Product
Custom Cursor - Texture Cursors

Custom Cursor - Texture Cursors

Experience tactile depth in the digital realm - Texture Cursors offers a curated set of lifelike pointer textures, elevating both clarity and creativity.

View Product
Money Rain - Visual Currency Extension

Money Rain - Visual Currency Extension

Capture attention with Money Rain - a Chrome extension that showers your screen in dynamic money graphics, perfect for viral sharing and brand visibility.

View Product
Cursor Cat - Animated Pointer Companion

Cursor Cat - Animated Pointer Companion

Delight users with Cursor Cat - a playful Chrome extension that adds a charming feline sidekick to every cursor move, boosting UX and shareability.

View Product
BridgeMaster - Stick Hero Arcade Game

BridgeMaster - Stick Hero Arcade Game

Extend session lengths with BridgeMaster - a physics-driven arcade game where precision and timing unlock new levels of user engagement.

View Product
Pawsome Browser Kitties - Cursor Animation

Pawsome Browser Kitties - Cursor Animation

Increase dwell time with Pawsome Kitties - animated kitten avatars that follow your pointer, enhancing site stickiness and user delight.

View Product
Cursor Helper - Custom Cursors

Cursor Helper - Custom Cursors

Maximize productivity with Cursor Helper: a refined extension that not only customizes your pointer’s look but streamlines your daily workflow with intuitive options.

View Product
Custom Cursor - Mouse Cursor

Custom Cursor - Mouse Cursor

Rediscover the classic pointer - Mouse Cursor redefines simplicity with a selection of minimalist, high-contrast cursors optimized for every task.

View Product
Catch the Cat - Reflex Challenge

Catch the Cat - Reflex Challenge

Drive repeat sessions with Catch the Cat - a fast-paced browser game that tests reflexes and strategic thinking in bite-sized play periods.

View Product