CoreDNS Vulnerability Allows Attackers to Poison DNS Cache and Block Updates
Posted: Sun Sep 14, 2025 4:27 pm
A critical flaw in CoreDNS’s etcd plugin can let attackers pin DNS records in caches for years, effectively blocking legitimate updates.
This vulnerability, tracked as CVE-2025-58063, stems from incorrect handling of etcd lease IDs. It affects every CoreDNS release from version 1.2.0 onward and was patched in version 1.12.4, as per a report by Researcher in Github.
Security teams should urgently update and review TTL settings to prevent long-term cache poisoning.
https://gbhackers.com/coredns-vulnerability-2/
This vulnerability, tracked as CVE-2025-58063, stems from incorrect handling of etcd lease IDs. It affects every CoreDNS release from version 1.2.0 onward and was patched in version 1.12.4, as per a report by Researcher in Github.
Security teams should urgently update and review TTL settings to prevent long-term cache poisoning.
https://gbhackers.com/coredns-vulnerability-2/