CVE-2025-68151

7.5 HIGH

📋 TL;DR

CoreDNS servers that expose gRPC, DNS-over-HTTPS, or HTTP/3 listeners are vulnerable to denial of service because those server types enforce no resource limits. An unauthenticated attacker with network access to the listener can crash the server or degrade its performance by flooding it with connections or streams, or by sending oversized requests. This affects all CoreDNS deployments using these server types before version 1.14.0; the plain DNS listener is not involved.

💻 Affected Systems

Products:
  • CoreDNS
Versions: All versions prior to 1.14.0
Operating Systems: All
Default Config Vulnerable: ⚠️ No for the stock Corefile (plain dns:// listener on port 53); Yes as soon as a gRPC, HTTPS or HTTP/3 server block is added
Notes: Only affects deployments whose Corefile declares gRPC (grpc://), DNS-over-HTTPS (https://) or HTTP/3 server blocks; no authentication or special client capability is needed beyond network reach to those listeners

📦 What is this software?

CoreDNS is a plugin-based DNS server written in Go and the default cluster DNS in Kubernetes. Besides plain DNS over UDP/TCP it can serve DNS over TLS, gRPC, HTTPS and HTTP/3, each selected per server block in the Corefile; the gRPC, HTTPS and HTTP/3 listeners are the ones this advisory concerns.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage with CoreDNS crashing, disrupting all DNS resolution for dependent services

🟠

Likely Case

Performance degradation and intermittent service disruption affecting DNS reliability

🟢

If Mitigated

Minimal impact with proper network controls and monitoring in place

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple DoS attack requiring only network access to vulnerable ports

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.14.0

Vendor Advisory: https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2

Restart Required: Yes

Instructions:

1. Update CoreDNS to version 1.14.0 or later
2. Restart CoreDNS service
3. Verify the new version is running

🔧 Temporary Workarounds

Network ACL Restrictions

Restrict access to the CoreDNS gRPC/HTTPS/HTTP/3 listeners to trusted sources only. Replace <trusted_network> with the client CIDR and 443 with the port your server blocks actually bind (443 is the default for grpc:// and https://). HTTP/3 runs over QUIC, which is UDP, so filtering TCP alone leaves that listener exposed:

iptables -A INPUT -p tcp --dport 443 -s <trusted_network> -j ACCEPT
iptables -A INPUT -p udp --dport 443 -s <trusted_network> -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
iptables -A INPUT -p udp --dport 443 -j DROP

Connection Rate Limiting

Use system-level connection rate limiting to mitigate flood attacks. The limit must apply to new connections only (--syn) and be followed by a DROP rule; otherwise the excess packets fall through to the chain's default policy and nothing is limited. Insert these before any broader ACCEPT rule:

iptables -A INPUT -p tcp --dport 443 --syn -m limit --limit 10/second --limit-burst 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 --syn -j DROP

This is a global cap, so a single attacker can starve legitimate clients; a per-source cap with -m hashlimit --hashlimit-mode srcip is preferable where available. It also does not cover the UDP/QUIC traffic of HTTP/3, nor the stream-flood and oversized-request vectors inside an already established connection, so it reduces rather than removes the exposure.

🧯 If You Can't Patch

  • Remove the grpc://, https:// and HTTP/3 server blocks from the Corefile if they are not required, and reload CoreDNS
  • Implement network-level DDoS protection and connection rate limiting

🔍 How to Verify

Check if Vulnerable:

A build is affected when its version is below 1.14.0 and the Corefile declares a grpc://, https:// or HTTP/3 server block. The version banner alone does not show which server types are enabled, so check the Corefile as well (substitute your own Corefile path; in Kubernetes the Corefile lives in the coredns ConfigMap in kube-system):

coredns -version | grep -Eq 'CoreDNS-1\.([0-9]|1[0-3])\.' && echo "version below 1.14.0"
grep -E '^[[:space:]]*(grpc|https)://' /etc/coredns/Corefile

Check Version:

coredns -version

Verify Fix Applied:

Confirm version is 1.14.0 or later: coredns -version
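The two checks above combined into one script, as an added example for this page (not the advisory's or the CoreDNS project's own code). It assumes that the first line of `coredns -version` reads `CoreDNS-<major>.<minor>.<patch>` and that the affected listeners are declared with the `grpc://` or `https://` scheme; the sample version banner and Corefiles are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory or the CoreDNS project): classify a CoreDNS
# build and its Corefile for exposure to CVE-2025-68151.
# Assumptions: the first line of `coredns -version` is "CoreDNS-<major>.<minor>.<patch>",
# and affected listeners are declared as grpc:// or https:// server blocks.

# version_affected "<coredns -version output>": exit 0 if the version is below
# 1.14.0, 1 if it is 1.14.0 or later, 2 if the banner cannot be parsed.
version_affected() {
    parsed=$(printf '%s\n' "$1" \
        | sed -n 's/^CoreDNS-\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p' \
        | head -n 1)
    [ -n "$parsed" ] || return 2
    set -- $parsed                                   # $1=major $2=minor $3=patch
    [ "$1" -lt 1 ] && return 0
    [ "$1" -eq 1 ] && [ "$2" -lt 14 ] && return 0
    return 1
}

# corefile_uses_affected_listener "<Corefile text>": exit 0 if any server block
# is declared with the grpc:// or https:// scheme, 1 otherwise.
corefile_uses_affected_listener() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*(grpc|https)://'
}

# assess "<version output>" "<Corefile text>": print one of
#   EXPOSED | not-exposed | patched | unknown-version
assess() {
    version_affected "$1" && rc=0 || rc=$?          # set -e safe status capture
    case $rc in
        0) if corefile_uses_affected_listener "$2"; then echo EXPOSED; else echo not-exposed; fi ;;
        1) echo patched ;;
        *) echo unknown-version ;;
    esac
}

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_VERSION='CoreDNS-1.12.0
linux/amd64, go1.22.5, 0000000'
SAMPLE_COREFILE='.:53 {
    forward . 10.0.0.53
}
https://.:443 {
    tls /etc/coredns/tls.crt /etc/coredns/tls.key
    forward . 10.0.0.53
}'
SAFE_COREFILE='.:53 {
    forward . 10.0.0.53
}'

assess "$SAMPLE_VERSION" "$SAMPLE_COREFILE"        # prints EXPOSED
# Against a live host (the Corefile path is an assumption; substitute your own):
#   assess "$(coredns -version 2>&1)" "$(cat /etc/coredns/Corefile)"
```

The Corefile pattern matches the `grpc://` and `https://` schemes only; if your deployment declares its HTTP/3 listener under a different scheme, extend the regular expression accordingly. A result of `not-exposed` still means the binary should be upgraded, since adding one of these server blocks later would reopen the issue.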

📡 Detection & Monitoring

Log Indicators:

  • Unusual connection spikes
  • Memory exhaustion warnings
  • Server restart/crash logs

Network Indicators:

  • High volume of connections to gRPC/HTTPS/HTTP/3 ports
  • Abnormal request sizes

SIEM Query:

source="coredns" AND ("fatal error: runtime: out of memory" OR "panic:" OR "[FATAL]")

CoreDNS does not emit a "connection flood" message; a Go process that exhausts memory logs "fatal error: runtime: out of memory" and a crash logs "panic:". In Kubernetes the container is usually OOM-killed before that point, so also alert on pod restarts and OOMKilled termination reasons for the coredns deployment.
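The log indicators listed above, turned into two concrete checks as an added example for this page (not code from the advisory or from CoreDNS): a per-client query counter that surfaces flood sources, and a grep for crash signatures. It assumes the `log` plugin is enabled and writes its default common log format (`[INFO] <client>:<port> - <id> "..." <rcode> ...`), and that Go runtime crash messages reach the same log stream; the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory or the CoreDNS project): detection logic
# over CoreDNS log output for the indicators in this section.
# Assumptions: the `log` plugin's default common log format, and Go runtime
# crash messages ("fatal error: ...", "panic: ...") in the same log stream.

# noisy_clients "<log text>" <limit>: print client IPs with more than <limit>
# logged queries, one per line, sorted.
noisy_clients() {
    printf '%s\n' "$1" | awk -v limit="$2" '
        $1 == "[INFO]" && $3 == "-" {
            client = $2
            sub(/:[0-9]+$/, "", client)              # drop the source port
            gsub(/^\[|\]$/, "", client)              # unwrap bracketed IPv6
            count[client]++
        }
        END { for (c in count) if (count[c] > limit) print c }
    ' | sort
}

# crash_signatures "<log text>": print lines indicating memory exhaustion or a crash.
crash_signatures() {
    printf '%s\n' "$1" \
        | grep -E 'fatal error: runtime: out of memory|^panic: |^\[FATAL\]' || true
}

# Constructed sample log (not from a real deployment): one quiet client, one
# client hammering the TCP listener, one IPv6 client, and a runtime OOM.
SAMPLE_LOG='[INFO] 10.0.0.2:51234 - 1 "A IN api.internal. udp 29 false 512" NOERROR qr,rd,ra 44 0.000210s
[INFO] 10.0.0.9:41001 - 2 "A IN api.internal. tcp 29 false 512" NOERROR qr,rd,ra 44 0.000198s
[INFO] 10.0.0.9:41002 - 3 "A IN api.internal. tcp 29 false 512" NOERROR qr,rd,ra 44 0.000201s
[INFO] 10.0.0.9:41003 - 4 "A IN api.internal. tcp 29 false 512" NOERROR qr,rd,ra 44 0.000205s
[INFO] 10.0.0.9:41004 - 5 "A IN api.internal. tcp 29 false 512" NOERROR qr,rd,ra 44 0.000199s
[INFO] [fd00::9]:41005 - 6 "AAAA IN api.internal. tcp 29 false 512" NOERROR qr,rd,ra 56 0.000188s
[WARNING] plugin/forward: upstream 10.0.0.53:53 timed out
fatal error: runtime: out of memory'

noisy_clients "$SAMPLE_LOG" 3          # prints 10.0.0.9
crash_signatures "$SAMPLE_LOG"         # prints the "fatal error" line
# Against a cluster (label is the usual Kubernetes one, an assumption here):
#   noisy_clients "$(kubectl logs -n kube-system -l k8s-app=kube-dns --tail=100000)" 1000
```

Pick the limit from a baseline of your own traffic; the common log format carries no timestamp, so the count is over whatever window you feed in (a log tail, or one file per minute from your collector). The log plugin records queries, not connections, so a stream or connection flood that never completes a query shows up only as the crash signatures, memory growth, or restarts, not in the per-client counts.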
