FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns-recursor -- cache pollution

Affected packages
powerdns-recursor < 5.2.4

Details

VuXML ID b3948bf3-685e-11f0-bff5-6805ca2fa271
Discovery 2025-07-21
Entry 2025-07-24

PowerDNS Team reports:

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.

[source]

References

CVE Name CVE-2025-30192
URL https://nvd.nist.gov/vuln/detail/CVE-2025-30192

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.