VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-auju-9h98-xkd1

Essentials
Severities (12)
References (21)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-auju-9h98-xkd1
Aliases	CVE-2025-8677
Summary	bind: Resource exhaustion via malformed DNSKEY handling
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-400	Uncontrolled Resource Consumption
CWE-405	Asymmetric Resource Consumption (Amplification)

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8677.json
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2025-8677
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-8677
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-8677
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-8677
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-8677
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-8677
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-8677
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-8677
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://kb.isc.org/docs/cve-2025-8677
ssvc	Track	https://kb.isc.org/docs/cve-2025-8677

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8677.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-8677
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8677
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2405830		https://bugzilla.redhat.com/show_bug.cgi?id=2405830
cve-2025-8677		https://kb.isc.org/docs/cve-2025-8677
RHSA-2025:19912		https://access.redhat.com/errata/RHSA-2025:19912
RHSA-2025:19950		https://access.redhat.com/errata/RHSA-2025:19950
RHSA-2025:21034		https://access.redhat.com/errata/RHSA-2025:21034
RHSA-2025:21111		https://access.redhat.com/errata/RHSA-2025:21111
RHSA-2025:21994		https://access.redhat.com/errata/RHSA-2025:21994
RHSA-2026:0326		https://access.redhat.com/errata/RHSA-2026:0326
RHSA-2026:0332		https://access.redhat.com/errata/RHSA-2026:0332
RHSA-2026:0420		https://access.redhat.com/errata/RHSA-2026:0420
RHSA-2026:0674		https://access.redhat.com/errata/RHSA-2026:0674
RHSA-2026:0677		https://access.redhat.com/errata/RHSA-2026:0677
RHSA-2026:0702		https://access.redhat.com/errata/RHSA-2026:0702
RHSA-2026:0996		https://access.redhat.com/errata/RHSA-2026:0996
RHSA-2026:1541		https://access.redhat.com/errata/RHSA-2026:1541
USN-7836-1		https://usn.ubuntu.com/7836-1/
USN-7836-2		https://usn.ubuntu.com/7836-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8677.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://kb.isc.org/docs/cve-2025-8677

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-22T17:29:14Z/ Found at https://kb.isc.org/docs/cve-2025-8677

Exploit Prediction Scoring System (EPSS)

Percentile	0.19421
EPSS Score	0.00062
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:35:46.665126+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8677.json	38.0.0