A critical remote code injection vulnerability, identified as CVE-2025-53577, has been discovered in thehp Global DNS software. This flaw allows an unauthenticated remote attacker to execute arbitrary code on the affected server, leading to a complete system compromise. Due to the critical nature and perfect CVSS score of 10.0, this vulnerability poses a severe and immediate threat to the confidentiality, integrity, and availability of the organization's network infrastructure.

The vulnerability is an Improper Control of Generation of Code, commonly known as Code Injection. An attacker can exploit this flaw by sending a specially crafted request to the affected DNS service. The application fails to properly sanitize user-supplied input, which is then used in a function that allows for remote code or file inclusion. A remote, unauthenticated attacker can leverage this to include and execute malicious code from an external source, granting them full control over the underlying server.

This vulnerability is rated as critical severity with a CVSS score of 10.0. A successful exploit would result in a complete compromise of the DNS server, which is a foundational component of network infrastructure. Potential consequences include widespread service disruption, redirection of legitimate traffic to malicious sites for phishing or malware distribution, interception of sensitive data, and using the compromised server as a pivot point to attack other internal systems. The risk to the organization is exceptionally high, as it could lead to significant financial loss, reputational damage, and regulatory penalties.

Immediate Action: Immediately apply the security updates provided by the vendor to patch thehp Global DNS to a version higher than 3.1.0. Before patching, take a system snapshot or backup to ensure restorability. After patching, verify that the service is operating correctly.

Proactive Monitoring: Security teams should actively monitor for signs of compromise. This includes reviewing DNS query logs for unusual or malformed requests, inspecting web server or API access logs for patterns indicative of remote file inclusion (e.g., requests containing URLs or file paths), and monitoring for unexpected outbound network connections from the DNS server. System monitoring should also be in place to detect unauthorized processes or file modifications on the server.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rulesets designed to detect and block remote code/file inclusion and code injection attack patterns.
• Restrict network access to the management interface of the DNS server to a limited set of trusted administrative IP addresses.
• Enforce strict egress filtering on the DNS server to prevent it from establishing outbound connections to arbitrary external hosts, which would hinder an attacker's ability to download malicious payloads.

Public Exploit Available: true

Given the critical CVSS score of 10.0 and the public availability of exploit code, this vulnerability represents a clear and present danger to the organization. The immediate patching of all affected thehp Global DNS instances must be treated as the highest priority. Although this vulnerability is not yet listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity makes it a prime candidate for future inclusion. Organizations must assume they are being targeted and act decisively to remediate this flaw before it can be exploited.