CVE-2025-1675

Summary

CVE-2025-1675 is a vulnerability affecting the dns_pack.c file in certain DNS (Domain Name System) software. The issue lies in the function dns_copy_qname, which carries out a memcpy operation using an untrusted source buffer. There is no verification that the source buffer is sufficiently large to accommodate the data being copied, potentially leading to a buffer overflow. An attacker could exploit this vulnerability by supplying specially crafted DNS query data, causing the software to crash or execute arbitrary code. This could result in serious consequences, including system compromise or denial of service attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.