Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7swx-af28-yqaw
Vulnerability ID VCID-7swx-af28-yqaw
Aliases CVE-2025-40778
Summary bind: Cache poisoning attacks with unsolicited RRs
Status Published
Exploitability 0.5
Weighted Severity 7.7
Risk 3.9
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-347 Improper Verification of Cryptographic Signature
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
System Score Found at
cvssv3 8.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40778.json
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-40778
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-40778
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-40778
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-40778
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-40778
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-40778
cvssv3.1 8.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.6 https://kb.isc.org/docs/cve-2025-40778
ssvc Track https://kb.isc.org/docs/cve-2025-40778
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40778.json
https://api.first.org/data/v1/epss?cve=CVE-2025-40778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40778
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2405827 https://bugzilla.redhat.com/show_bug.cgi?id=2405827
cve-2025-40778 https://kb.isc.org/docs/cve-2025-40778
RHSA-2025:19793 https://access.redhat.com/errata/RHSA-2025:19793
RHSA-2025:19835 https://access.redhat.com/errata/RHSA-2025:19835
RHSA-2025:19912 https://access.redhat.com/errata/RHSA-2025:19912
RHSA-2025:19950 https://access.redhat.com/errata/RHSA-2025:19950
RHSA-2025:19951 https://access.redhat.com/errata/RHSA-2025:19951
RHSA-2025:21034 https://access.redhat.com/errata/RHSA-2025:21034
RHSA-2025:21110 https://access.redhat.com/errata/RHSA-2025:21110
RHSA-2025:21111 https://access.redhat.com/errata/RHSA-2025:21111
RHSA-2025:21735 https://access.redhat.com/errata/RHSA-2025:21735
RHSA-2025:21736 https://access.redhat.com/errata/RHSA-2025:21736
RHSA-2025:21740 https://access.redhat.com/errata/RHSA-2025:21740
RHSA-2025:21741 https://access.redhat.com/errata/RHSA-2025:21741
RHSA-2025:21817 https://access.redhat.com/errata/RHSA-2025:21817
RHSA-2025:21887 https://access.redhat.com/errata/RHSA-2025:21887
RHSA-2025:21889 https://access.redhat.com/errata/RHSA-2025:21889
RHSA-2025:21939 https://access.redhat.com/errata/RHSA-2025:21939
RHSA-2025:21994 https://access.redhat.com/errata/RHSA-2025:21994
RHSA-2025:22168 https://access.redhat.com/errata/RHSA-2025:22168
RHSA-2025:22205 https://access.redhat.com/errata/RHSA-2025:22205
RHSA-2025:23414 https://access.redhat.com/errata/RHSA-2025:23414
RHSA-2026:0326 https://access.redhat.com/errata/RHSA-2026:0326
RHSA-2026:0332 https://access.redhat.com/errata/RHSA-2026:0332
RHSA-2026:0420 https://access.redhat.com/errata/RHSA-2026:0420
RHSA-2026:0674 https://access.redhat.com/errata/RHSA-2026:0674
RHSA-2026:0677 https://access.redhat.com/errata/RHSA-2026:0677
RHSA-2026:0702 https://access.redhat.com/errata/RHSA-2026:0702
RHSA-2026:0934 https://access.redhat.com/errata/RHSA-2026:0934
RHSA-2026:0996 https://access.redhat.com/errata/RHSA-2026:0996
RHSA-2026:1541 https://access.redhat.com/errata/RHSA-2026:1541
USN-7836-1 https://usn.ubuntu.com/7836-1/
USN-7836-2 https://usn.ubuntu.com/7836-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40778.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://kb.isc.org/docs/cve-2025-40778
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-07T04:56:12Z/ Found at https://kb.isc.org/docs/cve-2025-40778
Exploit Prediction Scoring System (EPSS)
Percentile 0.00243
EPSS Score 5e-05
Published At April 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:35:45.068837+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40778.json 38.0.0