Updates have been issued by CoreDNS to fix a high-severity flaw in its DNS-over-QUIC implementation, tracked as CVE-2025-47950, which could be exploited to disrupt DNS servers via stream amplification intrusions, GBHackers News reports.
Multi-tenant software-as-a-service platforms with shared CoreDNS instances, edge computing nodes with less than 4 GB of RAM, and CI/CD pipelines dependent on DNS-based service discovery were most likely to be compromised in attacks involving the vulnerability, which arose from the generation of new goroutines without concurrency limits following every incoming QUIC stream. Threat actors with low bandwidth and no privileges could leverage such an issue to not only open unlimited streams and prompt OOM crashes but also evade authentication through standard DNS-over-QUIC handshakes. Organizations have been recommended to immediately apply the released patch, which restricts streams for QUIC connections and establishes global worker pool size. Meanwhile, those that cannot do so have been advised to deactivate DoQ and track QUIC traffic.
Multi-tenant software-as-a-service platforms with shared CoreDNS instances, edge computing nodes with less than 4 GB of RAM, and CI/CD pipelines dependent on DNS-based service discovery were most likely to be compromised in attacks involving the vulnerability, which arose from the generation of new goroutines without concurrency limits following every incoming QUIC stream. Threat actors with low bandwidth and no privileges could leverage such an issue to not only open unlimited streams and prompt OOM crashes but also evade authentication through standard DNS-over-QUIC handshakes. Organizations have been recommended to immediately apply the released patch, which restricts streams for QUIC connections and establishes global worker pool size. Meanwhile, those that cannot do so have been advised to deactivate DoQ and track QUIC traffic.
