#VU113077 Acceptance of Extraneous Untrusted Data With Trusted Data in Unbound - CVE-2025-5994
Published: July 21, 2025
Vulnerability identifier: #VU113077
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Green
CVE-ID: CVE-2025-5994
CWE-ID: CWE-349
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Unbound
Unbound
Software vendor:
NLnet Labs
NLnet Labs
Description
The vulnerability allows a remote attacker to perform cache poisoning attacks.
The vulnerability exists due to a logic error in the EDNS Client Subnet (ECS) implementation. A remote attacker can perform cache poisoning attacks against Unbound servers with ECS support, a.k.a. Rebirthday Attack.
Successful exploitation of the vulnerability requires that the server is compiled with '--enable-subnet' and configured to send ECS information to upstream name servers with at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options.
Remediation
Install updates from vendor's website.