Simple DNS Plus

CVE-2025-61430

A CVE was recently posted claiming that "Simple DNS Plus v9 has a vulnerability in its DNS over TCP handling that lets remote attackers view DNS queries from other clients."

We have NOT been able to reproduce the mentioned results, and after carefully examining and testing the related Simple DNS Plus source code, we cannot see any way for this to reasonably happen.

We have analyzed and tested the provided JavaScript sample code which claims to demonstrate the vulnerability.

Upon receipt of the data packet provided in the sample code, Simple DNS Plus immediately closes the TCP socket connection opened by the JavaScript code and never returns a response.
Simple DNS Plus acts like this because the sample data packet is not a valid DNS request (looks somewhat random).

We have run the sample code against a busy Simple DNS Plus server several hundred thousand times - and never gotten a response of any kind.

As for the suggested "mitigations":

  • "Validating packet length directly instead of relying on the header":

    This doesn't really make sense.
    The "length header" (the first two bytes) specifies how many of the following bytes make up the DNS packet. Simple DNS Plus does not begin processing a packet before all the data of that packet has been received and copies only that part of the TCP stream into a separate buffer representing the complete DNS packet. If more data is received beyond this, that data is processed as another separate DNS packet.

  • "Make sure each connection has an individual buffer":
    In Simple DNS Plus, each DNS packet has a separate buffer (a TCP stream may contain multiple DNS packets). And these buffers are never reused.

Please note:

  • We have not been contacted by the author of this CVE prior to publication (generally considered best practice).
  • No one else (as far as we know) has reproduced the reported behavior (if so, please contact us).
  • It is not possible for us to fully replicate the CVE author's environment, and his findings could conceivably be due to something on his computer / network interfering with the DNS traffic.

Ref: https://www.cve.org/CVERecord?id=CVE-2025-61430

Simple DNS Plus

  • Home
  • Product details

  • Features
  • Screen shots
  • Plug-ins
  • Tools & Add-ons
  • Testimonials
  • What's new
  • Release notes
  • Download

  • Download
  • Buy

  • Pricing
  • New license
  • Additional license
  • Upgrade
  • Support

  • Overview
  • Lost License Key
  • Knowledge Base
  • Online documentation
  • Community Forum
  • Contact us