Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2fs7-vy7z-mkb5
Vulnerability ID VCID-2fs7-vy7z-mkb5
Aliases CVE-2025-13878
Summary bind: bind: Denial of Service via corrupt or malicious record
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1286 Improper Validation of Syntactic Correctness of Input
CWE-617 Reachable Assertion
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13878.json
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2025-13878
cvssv3.1 7.5 https://downloads.isc.org/isc/bind9/9.18.44
ssvc Track https://downloads.isc.org/isc/bind9/9.18.44
cvssv3.1 7.5 https://downloads.isc.org/isc/bind9/9.20.18
ssvc Track https://downloads.isc.org/isc/bind9/9.20.18
cvssv3.1 7.5 https://downloads.isc.org/isc/bind9/9.21.17
ssvc Track https://downloads.isc.org/isc/bind9/9.21.17
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://kb.isc.org/docs/cve-2025-13878
ssvc Track https://kb.isc.org/docs/cve-2025-13878
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13878.json
https://api.first.org/data/v1/epss?cve=CVE-2025-13878
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2431600 https://bugzilla.redhat.com/show_bug.cgi?id=2431600
9.18.44 https://downloads.isc.org/isc/bind9/9.18.44
9.20.18 https://downloads.isc.org/isc/bind9/9.20.18
9.21.17 https://downloads.isc.org/isc/bind9/9.21.17
cve-2025-13878 https://kb.isc.org/docs/cve-2025-13878
RHSA-2026:6935 https://access.redhat.com/errata/RHSA-2026:6935
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13878.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://downloads.isc.org/isc/bind9/9.18.44
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:57:50Z/ Found at https://downloads.isc.org/isc/bind9/9.18.44
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://downloads.isc.org/isc/bind9/9.20.18
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:57:50Z/ Found at https://downloads.isc.org/isc/bind9/9.20.18
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://downloads.isc.org/isc/bind9/9.21.17
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:57:50Z/ Found at https://downloads.isc.org/isc/bind9/9.21.17
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://kb.isc.org/docs/cve-2025-13878
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:57:50Z/ Found at https://kb.isc.org/docs/cve-2025-13878
Exploit Prediction Scoring System (EPSS)
Percentile 0.13046
EPSS Score 0.00042
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:32:24.910862+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13878.json 38.0.0