VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-jj87-61kf-mufs

Essentials
Severities (12)
References (26)
Severity details (3)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jj87-61kf-mufs
Aliases	CVE-2020-25686
Summary	Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-290

Authentication Bypass by Spoofing

System	Score	Found at
cvssv3	4.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25686.json
epss	0.00411	https://api.first.org/data/v1/epss?cve=CVE-2020-25686
epss	0.00411	https://api.first.org/data/v1/epss?cve=CVE-2020-25686
epss	0.00411	https://api.first.org/data/v1/epss?cve=CVE-2020-25686
epss	0.00411	https://api.first.org/data/v1/epss?cve=CVE-2020-25686
epss	0.00411	https://api.first.org/data/v1/epss?cve=CVE-2020-25686
epss	0.00411	https://api.first.org/data/v1/epss?cve=CVE-2020-25686
epss	0.00411	https://api.first.org/data/v1/epss?cve=CVE-2020-25686
epss	0.00411	https://api.first.org/data/v1/epss?cve=CVE-2020-25686
epss	0.00411	https://api.first.org/data/v1/epss?cve=CVE-2020-25686
cvssv3.1	5.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux	High	https://security.archlinux.org/AVG-1470

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25686.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-25686
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25681
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25682
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25683
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25684
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25685
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25686
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25687
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1890125		https://bugzilla.redhat.com/show_bug.cgi?id=1890125
ASA-202101-38		https://security.archlinux.org/ASA-202101-38
AVG-1470		https://security.archlinux.org/AVG-1470
GLSA-202101-17		https://security.gentoo.org/glsa/202101-17
RHSA-2021:0150		https://access.redhat.com/errata/RHSA-2021:0150
RHSA-2021:0151		https://access.redhat.com/errata/RHSA-2021:0151
RHSA-2021:0152		https://access.redhat.com/errata/RHSA-2021:0152
RHSA-2021:0153		https://access.redhat.com/errata/RHSA-2021:0153
RHSA-2021:0154		https://access.redhat.com/errata/RHSA-2021:0154
RHSA-2021:0155		https://access.redhat.com/errata/RHSA-2021:0155
RHSA-2021:0156		https://access.redhat.com/errata/RHSA-2021:0156
RHSA-2021:0240		https://access.redhat.com/errata/RHSA-2021:0240
RHSA-2021:0245		https://access.redhat.com/errata/RHSA-2021:0245
RHSA-2021:0395		https://access.redhat.com/errata/RHSA-2021:0395
RHSA-2021:0401		https://access.redhat.com/errata/RHSA-2021:0401
USN-4698-1		https://usn.ubuntu.com/4698-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25686.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.61242
EPSS Score	0.00411
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:02:26.246225+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/202101-17	38.0.0