On 10 September 2025 we (Internet Systems Consortium) disclosed one vulnerability affecting our Stork software:
- CVE-2025-8696: DoS attack against the Stork UI from an unauthorized user https://kb.isc.org/docs/cve-2025-8696 New version(s) of Stork are available at the following URL(s): Stable: https://downloads.isc.org/isc/stork/2.2.1/ With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released. Please note that CVE-2025-8696 also affects the current Stork development version, 2.3.0. Anyone who has Stork 2.3.0 deployed is advised to employ mitigations until 2.3.1 is released, currently planned for October 6, 2025. -- Ben Scott Support Engineer Internet Systems Consortium
