cve 2025 11411

About this tag
CVE-2025-11411 is a critical cache-poisoning vulnerability in the Unbound DNS resolver, disclosed by NLnet Labs. It allows crafted DNS responses with promiscuous NS resource record sets in the authority section to poison delegation data, potentially enabling domain hijacking of non-DNSSEC zones. An emergency patch was released in Unbound version 1.2 to address this issue. On WindowsForum.com, discussions cover the technical details of the vulnerability, its impact on DNS security, and steps to apply the patch. The tag is relevant for IT professionals and system administrators managing Unbound on Windows or other platforms who need to understand and mitigate this DNS delegation poisoning threat.
  1. Unbound CVE-2025-11411 Patch: Stop DNS Delegation Poisoning

    NLnet Labs has released an emergency patch for Unbound after researchers disclosed CVE-2025-11411, a cache‑poisoning class vulnerability that lets crafted responses carrying promiscuous NS resource record sets (RRSets) in the DNS authority section trick resolvers into updating delegation data —...