ISC released security advisories addressing several high-severity vulnerabilities in BIND 9 DNS software, affecting versions 9.11.x, 9.16.x, 9.18.x, 9.20.x, and 9.21.x. These flaws could allow attackers to conduct cache poisoning and denial of service (DoS) attacks, potentially disrupting DNS resolution and compromising the integrity of DNS responses. The vulnerabilities are tracked as CVE-2025-8677, CVE-2025-40778, and CVE-2025-40780, and have been rated as critical due to their potential impact on DNS infrastructure.
Administrators are strongly advised to review the official advisories and apply the necessary patches to affected BIND 9 deployments. The Canadian Centre for Cyber Security and other security organizations have issued alerts urging immediate action to mitigate the risk of exploitation. Failure to update could expose organizations to significant operational and security risks, including service outages and the possibility of malicious redirection of network traffic.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
On 2025-10-22, the Canadian Centre for Cyber Security advised organizations to review ISC's BIND advisories and install the necessary updates to reduce risk to DNS infrastructure. The notice emphasized timely patching, though it did not report exploitation in the wild.
On 2025-10-22, ISC published security advisories covering multiple vulnerabilities in various BIND 9 releases, including CVE-2025-8677, CVE-2025-40778, and CVE-2025-40780. The advisories affected versions across several major and minor branches and directed users to the BIND 9 Security Vulnerability Matrix for remediation guidance.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.