Cyber Resilience

CVE-2025-50334

HighPublic PoCDDoS

Published: 08 January 2026

Published
08 January 2026
Modified
12 January 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0014 33.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-50334 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Technitium Dnsserver. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 33.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2025-50334 is a denial-of-service vulnerability in Technitium DNS Server version 13.5. The flaw exists in the rate-limiting component, enabling a remote attacker to trigger a DoS condition. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-770 (Allocation of Resources Without Limits or Throttling). The vulnerability was published on 2026-01-08.

The attack requires network access and can be carried out remotely by an unauthenticated attacker with low complexity and no user interaction. Exploitation leads to high-impact disruption of availability, potentially rendering the DNS server unresponsive, while confidentiality and integrity remain unaffected.

Mitigation guidance appears in referenced advisories and resources, including the Technitium website at http://technitium.com, a GitHub security advisory at https://github.com/FPokerFace/Security-Advisory/tree/main/CVE-2025-50334, the DnsServer CHANGELOG at https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md, vulnerable source code at https://github.com/TechnitiumSoftware/DnsServer/blob/v13.3/DnsServerCore/Dns/DnsServer.cs, and a related commit at https://github.com/TechnitiumSoftware/DnsServer/commit/7229b217238213cc6275eea68a7e17d73df1603e. Security practitioners should consult these for patch details and upgrade recommendations.

EU & UK References

Vulnerability details

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct remote exploitation of rate-limiting flaw (CWE-770) in DNS server enables application/service DoS via T1499.004.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-42255Same product: Technitium Dnsserver
CVE-2021-47877Shared CWE-770
CVE-2026-3260Shared CWE-770
CVE-2025-66560Shared CWE-770
CVE-2025-68136Shared CWE-770
CVE-2020-37038Shared CWE-770
CVE-2025-36070Shared CWE-770
CVE-2021-47791Shared CWE-770
CVE-2021-47876Shared CWE-770
CVE-2019-25342Shared CWE-770

Affected Assets

technitium
dnsserver
≤ 14.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires implementation of denial-of-service protections to limit or detect attacks exploiting rate-limiting flaws like this CVE.

prevent

Mandates monitoring and protection against resource exhaustion from unlimited allocations without throttling, precisely addressing CWE-770 in this vulnerability.

prevent

Ensures timely scanning, testing, and patching of software flaws such as the rate-limiting defect in Technitium DNS Server v13.5.

References