DNS EUVD-2025-19001

CVE-2025-2962 HIGH
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2025-06-24 vulnerabilities@zephyrproject.org
7.5
CVSS 3.1 · NVD
Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline (4 events)

EUVD ID Assigned · Mar 15, 2026 - 22:36 · euvd · EUVD-2025-19001
Analysis Generated · Mar 15, 2026 - 22:36 · vuln.today
PoC Detected · Oct 30, 2025 - 15:50 · vuln.today · Public exploit code
CVE Published · Jun 24, 2025 - 06:15 · nvd · HIGH 7.5

Description (CVE.org)

A denial-of-service issue in the DNS implementation could cause an infinite loop.

Analysis (AI)

CVE-2025-2962 is a denial-of-service vulnerability in a DNS implementation that triggers an infinite loop condition, allowing unauthenticated remote attackers to crash DNS services with high availability impact. The vulnerability affects DNS resolver implementations and has a CVSS score of 7.5 (High) with a network-based attack vector requiring no privileges or user interaction. While the CVE ID and basic metadata are provided, specific product names, versions, KEV status, EPSS scores, and public proof-of-concept availability cannot be confirmed from the limited data supplied.

Technical Context (AI)

The vulnerability exists in DNS protocol implementation logic, classified under CWE-835 (Loop with Unreachable Exit Condition). This weakness indicates improper control flow in DNS packet parsing or response handling that fails to properly validate loop termination conditions. DNS implementations typically parse zone file records, handle recursive queries, or process DNSSEC validation; any of these paths could contain unbounded loops triggered by malformed DNS queries or responses. Without specific CPE data provided, the affected products cannot be definitively identified, but this class of vulnerability commonly affects BIND, Unbound, PowerDNS, systemd-resolved, and other widely deployed resolver implementations. The infinite loop likely occurs during decompression of compressed DNS names, DNAME/CNAME chain following, or recursive resolution without proper depth limits.

Remediation (AI)

Without vendor advisory links or patch version information provided in the data, specific remediation cannot be prescribed. General remediation steps include:

(1) Identify all DNS resolver instances in your infrastructure (both authoritative nameservers and recursive resolvers);
(2) Monitor official security advisories from your DNS implementation vendor (ISC, NLnet Labs, PowerDNS, etc.) for patch releases addressing CVE-2025-2962;
(3) Apply vendor-supplied patches immediately upon availability, prioritizing production DNS infrastructure;
(4) Implement query rate limiting and DNS firewall rules to mitigate infinite-loop triggering queries while patches are pending;
(5) Monitor DNS service logs for signs of resource exhaustion or unusual query patterns.

Contact your DNS software vendor directly for patch availability and timeline if not yet publicly available.