Vulnerability Description
An attacker spoofing answers to ECS-enabled requests sent out by the Recursor has a higher chance of success than with non-ECS-enabled queries. The updated version includes various mitigations against spoofing attempts on ECS-enabled queries: it chains ECS-enabled requests and enforces stricter validation of the received answers. The strictest mitigation is applied when the new setting outgoing.edns_subnet_harden (old-style name edns-subnet-harden) is enabled.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-30192?
CVE-2025-30192 is a vulnerability with a CVSS score of 7.5 (HIGH). An attacker spoofing answers to ECS-enabled requests sent out by the Recursor has a higher chance of success than with non-ECS-enabled queries. The updated version includes various mitigations against spoo...
How severe is CVE-2025-30192?
CVE-2025-30192 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-30192?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.