CVE-2025-40775 – BIND DNS Invalid TSIG Algorithm Field Vulnerability

May 21, 2025

CVE ID : CVE-2025-40775

Published : May 21, 2025, 1:16 p.m. | 1 hour, 34 minutes ago

Description : When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.
This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48415 – Cisco USB Backdoor Command Injection Vulnerability

Next Article CVE-2025-1421 – Konsola Proget Remote Code Execution Vulnerability

Highlights

CVE-2025-53013 – Microsoft Azure Entra ID and Intune Himmelblau Linux Offline Authentication Bypass

June 26, 2025

CVE ID : CVE-2025-53013

Published : June 26, 2025, 6:15 p.m. | 3 hours, 6 minutes ago

Description : Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to the local system, Single Sign-On (SSO) fails due to the network being down and the inability to issue tokens (due to a failure to unlock the Hello key). The core issue lies in an incorrect assumption within the `acquire_token_by_hello_for_business_key` function: it was expected to return a `TPMFail` error for an invalid Hello key when offline, but instead, a preceding nonce request resulted in a `RequestFailed` error, leading the system to erroneously transition to an offline success state without validating the Hello key unlock. This impacts systems using Himmelblau for authentication when operating in an offline state with Hello PIN authentication enabled. Rocky Linux 8 (and variants) are not affected by this vulnerability. The problem is resolved in Himmelblau version 0.9.17. A workaround is available for users who cannot immediately upgrade. Disabling Hello PIN authentication by setting `enable_hello = false` in `/etc/himmelblau/himmelblau.conf` will mitigate the vulnerability.

Severity: 5.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing For TV: The Evergreen Pattern That Shapes TV Experiences

Amplitude launches new self-service capabilities for marketing initiatives

Microsoft packs Visual Studio August update with smarter AI features

Optimizing PWAs For Different Display Modes

Why this $25 ratchet tool beats any multitool or Swiss Army Knife I’ve ever tested

One of my favorite sports watches from 2024 just got upgrades in all the right places

Google’s AI Mode is getting more links for you not to click on

I still prefer Apple Watch over Oura Ring for 3 key reasons – but there is one big drawback

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

spatie/laravel-rdap

mvanduijker/laravel-mercure-broadcaster

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

‘There Are No Ghosts At The Grand’ looks glorious — I’m more excited than ever for this upcoming Xbox Game Pass release

Epic Games CEO Tim Sweeney says Unreal Engine 5’s performance problems aren’t about the engine — they’re about when developers choose to optimize

CVE-2025-40775 – BIND DNS Invalid TSIG Algorithm Field Vulnerability

First known AI-powered ransomware uncovered by ESET Research

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks

CVE-2025-4725 – iSourcecode Placement Management System SQL Injection

CVE-2025-22874 – DigiCert SSL Verify Certificate Validation Bypass

Rilasciata Rhino Linux 2025.3: distribuzione GNU/Linux basata su Ubuntu con aggiornamento continuo

CVE-2025-53013 – Microsoft Azure Entra ID and Intune Himmelblau Linux Offline Authentication Bypass

Elpher is a gopher and gemini client for Emacs

CVE-2025-9244 – “Linksys Router AddStaticRoute Command Injection Vulnerability”

CVE-2025-5227 – PHPGurukul Small CRM SQL Injection Vulnerability

CVE-2025-40775 – BIND DNS Invalid TSIG Algorithm Field Vulnerability

Related Posts