CVE-2025-40780: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-40780 is a security vulnerability in BIND 9 that stems from a weakness in the Pseudo Random Number Generator (PRNG). The vulnerability affects multiple versions of BIND 9, including versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, and several S1 variants. The vulnerability was disclosed on October 22, 2025, and has been assigned a CVSS v3.1 base score of 8.6 (HIGH) (NVD).

The vulnerability is classified as CWE-341 (Predictable from Observable State) and involves a weakness in the PRNG implementation that makes it possible for attackers to predict the source port and query ID that BIND will use. The vulnerability has received a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N, indicating that it can be exploited remotely with low attack complexity and requires no privileges or user interaction (NVD).

The primary impact of this vulnerability is the potential for cache poisoning attacks. Due to the predictability of the PRNG, attackers could potentially predict and manipulate DNS query parameters, leading to successful cache poisoning attacks against affected BIND installations (Ubuntu Security).

Fixed versions have been released for multiple Ubuntu distributions: version 1:9.20.11-1ubuntu2.1 for Ubuntu 25.10, 1:9.20.11-0ubuntu0.2 for Ubuntu 25.04, 1:9.18.39-0ubuntu0.24.04.2 for Ubuntu 24.04 LTS, and 1:9.18.39-0ubuntu0.22.04.2 for Ubuntu 22.04 LTS. System administrators are advised to update their BIND installations to these patched versions (Ubuntu Security).