CoreDNS Vulnerability Allows Attackers to Poison DNS Cache and Block Updates
gbhackers
A critical flaw in CoreDNS's etcd plugin can let attackers pin DNS records in caches for years, effectively blocking legitimate updates.
This vulnerability, tracked as CVE-2025-58063, stems from incorrect handling of etcd lease IDs. It affects every CoreDNS release from version 1.2.0 onward and was patched in version 1.12.4, according to a researcher's report on GitHub.
Security teams should urgently update and review TTL settings to prevent long-term cache poisoning.
Vulnerability Details
The vulnerability arises in the plugin/etcd/etcd.go file, where the TTL() function mistakenly casts a 64-bit lease ID to a 32-bit unsigned integer.
Lease IDs are opaque identifiers, not duration values. When the code uses the truncated ID as the TTL, the result can be an extremely large value, which resolvers will honour as a cache lifetime.
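To make the defect concrete, here is an added Go model of the flawed pattern beside a hardened form; it is not CoreDNS's own code, and the fallback and cap values, the function names and the sample lease ID are all constructed for illustration.

```go
package main

import "fmt"

// Constructed model of the defect described above; not CoreDNS's own code.
// An etcd lease ID is an opaque int64 identifier, not a duration.

const defaultTTL uint32 = 300 // assumed fallback TTL in seconds
const maxTTL uint32 = 3600    // assumed policy cap in seconds

// ttlVulnerable mirrors the flawed pattern: the lease ID is truncated to
// uint32 and returned as if it were a TTL in seconds.
func ttlVulnerable(leaseID int64) uint32 {
	return uint32(leaseID) // keeps only the low 32 bits of an opaque ID
}

// ttlHardened ignores the identifier entirely and uses the lease's real
// remaining lifetime (as an etcd TimeToLive lookup would report it, passed
// in here as leaseTTLSeconds), clamped to a policy maximum.
func ttlHardened(leaseTTLSeconds int64) uint32 {
	if leaseTTLSeconds <= 0 {
		return defaultTTL // expired or unknown lease: use a sane default
	}
	if leaseTTLSeconds > int64(maxTTL) {
		return maxTTL // never let a single record pin a cache for longer
	}
	return uint32(leaseTTLSeconds)
}

// yearsFromSeconds shows how long a resolver would keep the record.
func yearsFromSeconds(ttl uint32) float64 {
	return float64(ttl) / (365 * 24 * 3600)
}

func main() {
	leaseID := int64(0x7b1fffffffff) // constructed lease ID
	bad := ttlVulnerable(leaseID)
	fmt.Printf("lease %#x -> TTL %d s (~%.0f years)\n", leaseID, bad, yearsFromSeconds(bad))
	fmt.Printf("hardened TTL from a 60 s lease: %d s\n", ttlHardened(60))
	fmt.Printf("hardened TTL from a 999999 s lease: %d s\n", ttlHardened(999999))
}
```

The truncated value 4294967295 is the largest 32-bit TTL, roughly 136 years, which is the cache-pinning effect the advisory describes; the hardened path never exceeds the cap.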
CVE ID | Vulnerability | Affected Versions | Patched Version | Severity |
CVE-2025-58063 | DNS Cache Pinning via etcd Lease ID Confusion | ≥1.2.0 | 1 ... |
Copyright of this story solely belongs to gbhackers.