CVE-2025-50334
Published: 08 January 2026
Summary
CVE-2025-50334 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Technitium Dnsserver. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 33.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Deeper analysis
CVE-2025-50334 is a denial-of-service vulnerability in Technitium DNS Server version 13.5. The flaw exists in the rate-limiting component, enabling a remote attacker to trigger a DoS condition. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-770 (Allocation of Resources Without Limits or Throttling). The vulnerability was published on 2026-01-08.
The attack requires network access and can be carried out remotely by an unauthenticated attacker with low complexity and no user interaction. Exploitation leads to high-impact disruption of availability, potentially rendering the DNS server unresponsive, while confidentiality and integrity remain unaffected.
Mitigation guidance appears in referenced advisories and resources, including the Technitium website at http://technitium.com, a GitHub security advisory at https://github.com/FPokerFace/Security-Advisory/tree/main/CVE-2025-50334, the DnsServer CHANGELOG at https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md, vulnerable source code at https://github.com/TechnitiumSoftware/DnsServer/blob/v13.3/DnsServerCore/Dns/DnsServer.cs, and a related commit at https://github.com/TechnitiumSoftware/DnsServer/commit/7229b217238213cc6275eea68a7e17d73df1603e. Security practitioners should consult these for patch details and upgrade recommendations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1441
Vulnerability details
An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote exploitation of rate-limiting flaw (CWE-770) in DNS server enables application/service DoS via T1499.004.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires implementation of denial-of-service protections to limit or detect attacks exploiting rate-limiting flaws like this CVE.
Mandates monitoring and protection against resource exhaustion from unlimited allocations without throttling, precisely addressing CWE-770 in this vulnerability.
Ensures timely scanning, testing, and patching of software flaws such as the rate-limiting defect in Technitium DNS Server v13.5.