CVE-2025-71058 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: April 9, 2026
Dual DHCP DNS Server - DNS Cache Poisoning
Published: April 7, 2026Updated: April 9, 2026Remote Exploitable
Overview
Dual DHCP DNS Server 8.01 contains a DNS cache poisoning vulnerability caused by improper validation of UDP DNS responses, letting remote attackers inject forged responses and poison the DNS cache, exploit requires no special privileges.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Remote attackers can poison DNS cache, redirecting users to malicious sites and enabling phishing or further attacks.
Mitigation
Update to the latest version with proper DNS response validation.
References
Related Resources
Details
- CVE ID
- CVE-2025-71058
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- dns_rebinding
- Status
- unconfirmed
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H