CVE-2021-25220 | DNS forwarders - cache poisoning vulnerability

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Published: 2022-03-23 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2021-25220 is rated Moderate Risk (60.7/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 3.25%). Core evidence: EPSS rose +3.17% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2021-25220

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.08% 3.25% +3.17%
2 2025-11-20 0.79% 0.08% -0.70%
3 2025-11-18 0.79%

Full EPSS history (18 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-25220

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 3.1 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
2.3 4.0 [email protected]
6.8 3.1 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
2.3 4.0 [email protected]
4.0 2.0 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
8.0 2.9 [email protected]

Weakness enumeration for CVE-2021-25220

OS Trackers for CVE-2021-25220

vendor priority summary link
alpine high CVE-2021-25220: 1 source package rows (bind); 99 state rows across 8 repos (3.12-main, 3.17-main, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 8, open 91. https://security.alpinelinux.org/vuln/CVE-2021-25220
debian not yet assigned CVE-2021-25220 not yet assigned priority: Debian including 1 source packages (bind9), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2021-25220
gentoo low CVE-2021-25220: 1 GLSA(s) (202210-25), 2 atom(s) (net-dns/bind, net-dns/bind-tools); latest impact low. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2021-25220
redhat medium https://access.redhat.com/security/cve/CVE-2021-25220
suse medium CVE-2021-25220 severity moderate: SUSE including 403 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 1608 product×package rows across 208 product lines (HPE Helion OpenStack 8, Image SLES12-SP5-Azure-BYOS, … (208 product lines)): Fixed 1409, Known Not Affected 132, Known Affected 67. https://www.suse.com/security/cve/CVE-2021-25220/
ubuntu medium CVE-2021-25220 medium priority: Ubuntu including 1 source packages (bind9), 7 status rows across 7 suites (bionic, focal, impish, jammy, trusty, upstream, xenial): released 7. https://ubuntu.com/security/CVE-2021-25220

Affected software / configurations for CVE-2021-25220

Vendor Product Version Raw CPE
isc bind >= 9.11.0, < 9.11.37 cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
isc bind >= 9.11.4, < 9.11.37 cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*
isc bind >= 9.12.0, < 9.16.27 cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
isc bind >= 9.16.8, < 9.16.27 cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*
isc bind >= 9.17.0, <= 9.18.0 cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
fedoraproject fedora 34 cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraproject fedora 35 cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
fedoraproject fedora 36 cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
netapp h300s_firmware cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
netapp h500s_firmware cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
netapp h700s_firmware cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
netapp h300e_firmware cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
netapp h500e_firmware cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
netapp h700e_firmware cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
netapp h410s_firmware cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
netapp h410c_firmware cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
siemens sinec_ins < 1.0 cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
siemens sinec_ins 1.0 cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
siemens sinec_ins 1.0 cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
juniper junos < 19.3 cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r2-s6:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r2-s7:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r3-s2:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r3-s3:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r3-s4:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r3-s5:*:*:*:*:*:*
juniper junos 19.3 cpe:2.3:o:juniper:junos:19.3:r3-s6:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:-:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r1-s4:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r2-s4:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r2-s5:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r2-s6:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r2-s7:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r3-s2:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r3-s3:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r3-s4:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r3-s5:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r3-s6:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r3-s7:*:*:*:*:*:*
juniper junos 19.4 cpe:2.3:o:juniper:junos:19.4:r3-s8:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*
juniper junos 20.2 cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*
juniper junos 20.3 cpe:2.3:o:juniper:junos:20.3:-:*:*:*:*:*:*
juniper junos 20.3 cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*
juniper junos 20.3 cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*
juniper junos 20.3 cpe:2.3:o:juniper:junos:20.3:r1-s2:*:*:*:*:*:*
juniper junos 20.3 cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*
juniper junos 20.3 cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*

References for CVE-2021-25220

URL Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf Patch Third Party Advisory
https://kb.isc.org/v1/docs/cve-2021-25220 Mitigation Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/
https://security.gentoo.org/glsa/202210-25 Third Party Advisory
https://security.netapp.com/advisory/ntap-20220408-0001/ Third Party Advisory
https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US
cvelogic Threat Intelligence