BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
Conclusion & alert: CVE-2021-25220 is rated Moderate Risk (60.7/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 3.25%). Core evidence: EPSS rose +3.17% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.08% | 3.25% | +3.17% |
| 2 | 2025-11-20 | 0.79% | 0.08% | -0.70% |
| 3 | 2025-11-18 | — | 0.79% | — |
Full EPSS history (18 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.8 | 3.1 | MEDIUM |
|
2.3 | 4.0 | [email protected] |
| 6.8 | 3.1 | MEDIUM |
|
2.3 | 4.0 | [email protected] |
| 4.0 | 2.0 | MEDIUM |
|
8.0 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
alpine
|
high | CVE-2021-25220: 1 source package rows (bind); 99 state rows across 8 repos (3.12-main, 3.17-main, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 8, open 91. | https://security.alpinelinux.org/vuln/CVE-2021-25220 |
debian
|
not yet assigned | CVE-2021-25220 not yet assigned priority: Debian including 1 source packages (bind9), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2021-25220 |
gentoo
|
low | CVE-2021-25220: 1 GLSA(s) (202210-25), 2 atom(s) (net-dns/bind, net-dns/bind-tools); latest impact low. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2021-25220 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2021-25220 |
suse
|
medium | CVE-2021-25220 severity moderate: SUSE including 403 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 1608 product×package rows across 208 product lines (HPE Helion OpenStack 8, Image SLES12-SP5-Azure-BYOS, … (208 product lines)): Fixed 1409, Known Not Affected 132, Known Affected 67. | https://www.suse.com/security/cve/CVE-2021-25220/ |
ubuntu
|
medium | CVE-2021-25220 medium priority: Ubuntu including 1 source packages (bind9), 7 status rows across 7 suites (bionic, focal, impish, jammy, trusty, upstream, xenial): released 7. | https://ubuntu.com/security/CVE-2021-25220 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| isc | bind | >= 9.11.0, < 9.11.37 | cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* |
| isc | bind | >= 9.11.4, < 9.11.37 | cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:* |
| isc | bind | >= 9.12.0, < 9.16.27 | cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* |
| isc | bind | >= 9.16.8, < 9.16.27 | cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:* |
| isc | bind | >= 9.17.0, <= 9.18.0 | cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* |
| fedoraproject | fedora | 34 | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| fedoraproject | fedora | 35 | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
| fedoraproject | fedora | 36 | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
| netapp | h300s_firmware | — | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
| netapp | h500s_firmware | — | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
| netapp | h700s_firmware | — | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
| netapp | h300e_firmware | — | cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* |
| netapp | h500e_firmware | — | cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* |
| netapp | h700e_firmware | — | cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* |
| netapp | h410s_firmware | — | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* |
| netapp | h410c_firmware | — | cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* |
| siemens | sinec_ins | < 1.0 | cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:* |
| siemens | sinec_ins | 1.0 | cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:* |
| siemens | sinec_ins | 1.0 | cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* |
| juniper | junos | < 19.3 | cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r2-s6:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r2-s7:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r3-s2:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r3-s3:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r3-s4:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r3-s5:*:*:*:*:*:* |
| juniper | junos | 19.3 | cpe:2.3:o:juniper:junos:19.3:r3-s6:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:-:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r1-s4:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r2-s4:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r2-s5:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r2-s6:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r2-s7:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r3-s2:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r3-s3:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r3-s4:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r3-s5:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r3-s6:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r3-s7:*:*:*:*:*:* |
| juniper | junos | 19.4 | cpe:2.3:o:juniper:junos:19.4:r3-s8:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:* |
| juniper | junos | 20.2 | cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:* |
| juniper | junos | 20.3 | cpe:2.3:o:juniper:junos:20.3:-:*:*:*:*:*:* |
| juniper | junos | 20.3 | cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:* |
| juniper | junos | 20.3 | cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:* |
| juniper | junos | 20.3 | cpe:2.3:o:juniper:junos:20.3:r1-s2:*:*:*:*:*:* |
| juniper | junos | 20.3 | cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:* |
| juniper | junos | 20.3 | cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:* |