Cyber Posture

CVE-2025-71058

Critical

Published: 07 April 2026

Modified: 21 April 2026
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0014 (34.2 percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from the legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts the results into its cache, enabling a remote attacker to inject forged responses and poison the DNS cache, potentially redirecting victims to attacker-controlled destinations.

Mitigating Controls (NIST 800-53 r5)

SC-21 (prevent): requires recursive or caching resolvers to perform data origin authentication and data integrity verification on the responses they receive, which is exactly the check this implementation lacks. With DNSSEC validation in place a forged response fails verification regardless of whether its TXID matches.

SC-22 (prevent): requires the name/address resolution service to be fault-tolerant and to separate internal and external roles. Keeping the caching resolver that serves clients separate from any externally reachable DNS role limits which hosts are in a position to deliver responses to it.

SC-7 (prevent): boundary protection that admits UDP replies on the resolver's query port only from the configured upstream DNS server. Because UDP source addresses are trivially spoofed, this filter only raises the bar where ingress anti-spoofing is also enforced at the boundary; it is a compensating control, not a substitute for response validation in the software.

Security Summary

CVE-2025-71058 is a DNS cache poisoning vulnerability in Dual DHCP DNS Server version 8.01. The software accepts and caches UDP DNS responses without validating that they originate from the configured upstream DNS server. Responses are matched to outstanding queries primarily by the 16-bit transaction ID (TXID) and their records are inserted into the cache, so a response forged by any host that guesses the TXID is accepted as genuine. The record classifies the issue under CWE-94 (Improper Control of Generation of Code ('Code Injection')), a mapping that describes the weakness poorly: no code is generated, and the flaw is acceptance of unauthenticated data, closer to CWE-345 (Insufficient Verification of Data Authenticity). It carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).

A remote attacker with network access can exploit this vulnerability without privileges or user interaction by sending forged UDP DNS responses whose TXID matches that of a legitimate outstanding query. The attacker does not need to be on-path: with no source validation, blindly spraying the 65,536 possible TXID values toward the port the server uses for upstream queries is enough once a query for the target name is in flight, and the work is further reduced if that source port is fixed or predictable. Successful exploitation poisons the DNS cache, allowing the attacker to redirect clients of the server to attacker-controlled destinations (loss of integrity) or to unreachable ones (loss of availability), which is what the C:N/I:H/A:H vector reflects.
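The acceptance check at the centre of the description and summary above, as an added example that is not code from Dual DHCP DNS Server or from the linked proof of concept: a small Python model of a caching resolver's pending-query table, with the TXID-only matching the advisory describes (accept_weak) beside a hardened check (accept_strict) that also requires the reply to arrive from the configured upstream, on the randomised source port used for that query, with the question echoed exactly, and that caches only records for the name that was asked about. The upstream and attacker addresses, the names and the packets are all constructed for the demonstration and are not taken from the product.

```python
# Added example (not code from Dual DHCP DNS Server or its published PoC): a model
# of a resolver's response-acceptance check. Addresses and packets are constructed.
import secrets
import struct

UPSTREAM = ("192.0.2.53", 53)    # assumed configured upstream (RFC 5737 range)
ATTACKER = ("198.51.100.7", 53)  # assumed off-path host sending forged replies

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"

def parse_name(buf, off):
    """Decode a wire-format name, following compression pointers."""
    labels = []
    while True:
        n = buf[off]
        if n == 0:
            return ".".join(labels) + ".", off + 1
        if n & 0xC0 == 0xC0:  # pointer to the rest of the name
            tail, _ = parse_name(buf, struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF)
            return ".".join(labels + [tail.rstrip(".")]) + ".", off + 2
        labels.append(buf[off + 1:off + 1 + n].decode())
        off += 1 + n

def build_query(txid, qname, qtype=1):
    hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    return hdr + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(txid, qname, ip, qtype=1, aname=None, ttl=3600):
    """Echo the question and add one A record, owned by aname (default qname)."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    rr = encode_name(aname or qname) + struct.pack("!HHIH", qtype, 1, ttl, 4) + rdata
    return hdr + question + rr

def parse_response(pkt):
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    qname, off = parse_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    off, answers = off + 4, []
    for _ in range(ancount):
        name, off = parse_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        answers.append((name, rtype, ".".join(str(b) for b in pkt[off:off + rdlen])))
        off += rdlen
    return {"txid": txid, "flags": flags, "qname": qname, "qtype": qtype,
            "qclass": qclass, "answers": answers}

class Resolver:
    def __init__(self):
        self.pending = {}  # txid -> (qname, qtype, ephemeral source port)
        self.cache = {}    # owner name -> IPv4 string

    def send_query(self, qname, qtype=1):
        txid = secrets.randbelow(65536)
        sport = 1024 + secrets.randbelow(64512)  # randomised per query
        self.pending[txid] = (qname, qtype, sport)
        return txid, sport, build_query(txid, qname, qtype)

    def accept_weak(self, pkt, src):
        """The advisory's pattern: any source, TXID match only, every record cached."""
        r = parse_response(pkt)
        if r["txid"] not in self.pending:
            return False
        del self.pending[r["txid"]]
        for name, _rtype, ip in r["answers"]:
            self.cache[name] = ip
        return True

    def accept_strict(self, pkt, src, dport):
        """Hardened: source, port, QR bit, TXID and question must all match, and
        only records for the queried name and type are cached."""
        r = parse_response(pkt)
        p = self.pending.get(r["txid"])
        if p is None or src != UPSTREAM or dport != p[2] or not (r["flags"] & 0x8000):
            return False
        if (r["qname"], r["qtype"], r["qclass"]) != (p[0], p[1], 1):
            return False
        del self.pending[r["txid"]]
        for name, rtype, ip in r["answers"]:
            if name == p[0] and rtype == p[1]:
                self.cache[name] = ip
        return True

def spray(qname, ip, check):
    """Blind attacker at ATTACKER: forge a reply for every TXID until one is
    accepted. Returns packets needed, or None if every forgery was rejected."""
    for txid in range(65536):
        if check(build_response(txid, qname, ip), ATTACKER):
            return txid + 1
    return None
```

spray() plays the blind off-path attacker. Against accept_weak it succeeds within 65,536 packets because the 16-bit TXID is the only thing checked, and an extra record for an unrelated name in the forged reply lands in the cache too; against accept_strict every forgery is rejected on source address before the TXID is considered. Source checking alone is not sufficient, since a UDP source address can be spoofed; the per-query port randomisation and the question match are what make a spoofed-source forgery expensive, and DNSSEC validation (SC-21) is what removes the guessing game altogether.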

The references include proof-of-concept exploit code at https://github.com/FPokerFace/Security-Advisory/blob/main/CVE-2025-71058/poc.c and further details in the repository at https://github.com/FPokerFace/Security-Advisory/tree/main/CVE-2025-71058. The project page for Dual DHCP DNS Server is hosted at https://sourceforge.net/projects/dhcp-dns-server/. No vendor advisory or patch is specified in the available information.


MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1557 Adversary-in-the-Middle (Credential Access): Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

The vulnerability is a DNS cache poisoning issue in a public-facing DNS server exploitable remotely without authentication (T1190), directly enabling adversary-in-the-middle attacks by forging DNS responses to redirect client traffic (T1557).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
