Impact
The vulnerability arises when PowerDNS Authoritative fails to correctly process TCP PROXY requests when multiple views are configured. This flawed behavior can cause the DNS server to return results from the wrong view, potentially exposing data that should be scoped to a specific view. The impact consists primarily of unintended information disclosure to a client that is able to send TCP PROXY headers, undermining the intended separation of view data. This weakness is represented by CWE-200 and CWE-284, indicating information exposure and inadequate access control.
Affected Systems
PowerDNS Authoritative servers may be affected. The advisory does not list specific vulnerable versions, so all instances of the product that process TCP PROXY requests should be checked and remedied. The vendor’s documentation and advisory page provide further guidance on affected releases.
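One way to triage configurations for the condition described above, as an added example that is not from the advisory or from PowerDNS: it flags a `pdns.conf` that both accepts PROXY headers and enables views. The setting names `proxy-protocol-from` and `views`, the sample configuration and the prefix-length thresholds are assumptions, not taken from this page.

```python
import ipaddress

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """\
launch=gsqlite3
views=yes                              # assumed name of the views switch
proxy-protocol-from=192.0.2.10/32      # assumed name of the PROXY allow-list
proxy-protocol-from+=10.0.0.0/8
"""

def parse_pdns_conf(text):
    """Parse 'key=value' lines; 'key+=value' appends to a comma-separated list."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simplification: '#' starts a comment
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.endswith("+"):
            key = key[:-1].strip()
            prev = settings.get(key, "")
            value = f"{prev},{value}" if prev else value
        settings[key] = value
    return settings

def audit(text):
    """Report whether this config accepts PROXY headers while views are enabled."""
    s = parse_pdns_conf(text)
    sources = [n.strip() for n in s.get("proxy-protocol-from", "").split(",") if n.strip()]
    views_enabled = s.get("views", "no").lower() not in ("no", "off")
    broad = []
    for entry in sources:
        if entry.startswith("!"):              # negated entries narrow the list
            continue
        net = ipaddress.ip_network(entry, strict=False)
        # Assumed review threshold: wider than /24 (IPv4) or /64 (IPv6).
        if net.prefixlen < (24 if net.version == 4 else 64):
            broad.append(entry)
    return {
        "proxy_sources": sources,
        "views_enabled": views_enabled,
        "needs_review": bool(sources) and views_enabled,
        "broad_sources": broad,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A `needs_review` result only identifies instances that match the configuration pattern; whether a given release is affected still has to be confirmed against the vendor advisory.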
Risk and Exploitability
The CVSS score for this issue is 4.8, indicating moderate severity. EPSS information is not available, and the vulnerability is not indexed in CISA's KEV catalog, suggesting that there is currently no widely known exploitation. Nonetheless, because the flaw permits incorrect view selection, an attacker can potentially gain access to DNS data that should remain isolated. The attack vector is likely a crafted TCP PROXY request sent to the authoritative server, and the described failure indicates that authentication or view gating checks are bypassed. Security teams should treat this as a moderate risk and implement available mitigations promptly.