CVE-2024-25638 HIGH

CVE-2024-25638: DNSJava DNSSEC Bypass

Vendor Dnsjava

Product dnsjava

Weakness CWE-345

Published July 22, 2024

Last update July 24, 2025

View on NVD All CVEs

CVSS base score

8.9/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

Description

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

Key dates

Disclosure timeline

July 22, 2024 CVE published

July 24, 2025 Record updated