ISC has disclosed one vulnerability in Stork (CVE-2025-8696)

[Ben Scott <bscott () isc org>]

On 10 September 2025 we (Internet Systems Consortium) disclosed one vulnerability affecting our Stork software:

- CVE-2025-8696:        DoS attack against the Stork UI from an unauthorized user https://kb.isc.org/docs/cve-2025-8696

New version(s) of Stork are available at the following URL(s):

Stable: https://downloads.isc.org/isc/stork/2.2.1/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages 
that have been prepared may be released.

Please note that CVE-2025-8696 also affects the current Stork development version, 2.3.0. Anyone who has Stork 2.3.0 
deployed is advised to employ mitigations until 2.3.1 is released, currently planned for October 6, 2025.

-- 
Ben Scott 
Support Engineer
Internet Systems Consortium