CVE-2025-30194
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Apr 29, 2025
CWE ID 416
Summary
CVE-2025-30194 is a denial-of-service vulnerability affecting DNSdist when used with the nghttp2 provider for DNS-over-HTTPS (DoH). An attacker can exploit this issue by crafting a malicious DoH exchange, resulting in an illegal memory access and causing DNSdist to crash. To mitigate this vulnerability, users are advised to upgrade to the patched 1.9.9 version. A temporary workaround is to switch to the h2o provider until an upgraded version is installed. We extend our gratitude to Charles Howes for reporting this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.