The Berkeley Internet Name Domain (BIND) 9.16 implementation used in Red Hat Enterprise Linux 8 contained two security vulnerabilities related to DNS cache poisoning. The first (CVE-2025-40778) involves cache poisoning attacks using unsolicited resource records, and the second (CVE-2025-40780) involves cache poisoning due to a weak pseudo-random number generator (PRNG). These flaws could allow an attacker to inject malicious DNS data into the cache, potentially redirecting DNS queries. Red Hat has issued an update for bind9.16 packages across multiple architectures and variants of RHEL 8 to address these vulnerabilities. The advisory classifies the impact as Important and recommends applying the update. No CVSS scores or detailed exploitation techniques are provided in the advisory. No known exploits have been reported in the wild.

Successful exploitation of these vulnerabilities could allow an attacker to perform DNS cache poisoning, potentially redirecting DNS queries to malicious destinations. This could lead to denial of service or man-in-the-middle scenarios affecting DNS resolution on affected systems. The advisory rates the impact as Important, indicating a significant security concern. There are no known exploits in the wild at the time of the advisory.

Red Hat has released updated bind9.16 packages that address these vulnerabilities. Users of Red Hat Enterprise Linux 8 and related products should apply the available security updates as detailed in the Red Hat advisory (RHSA-2025:19793) and the referenced article https://access.redhat.com/articles/11258. Applying these official patches is the recommended and effective mitigation. No additional vendor-recommended mitigations or workarounds are indicated.