Two safety vulnerabilities have been found within the OpenSSH safe networking utility suite that, if efficiently exploited, may end in an lively machine-in-the-middle (MitM) and a denial-of-service (DoS) assault, respectively, beneath sure circumstances.
The vulnerabilities, detailed by the Qualys Risk Analysis Unit (TRU), are listed under –
- CVE-2025-26465 (CVSS rating: 6.8) – The OpenSSH consumer incorporates a logic error between variations 6.8p1 to 9.9p1 (inclusive) that makes it susceptible to an lively MitM assault if the VerifyHostKeyDNS possibility is enabled, permitting a malicious interloper to impersonate a professional server when a consumer makes an attempt to connect with it (Launched in December 2014)
- CVE-2025-26465 (CVSS rating: 5.9) – The OpenSSH consumer and server are susceptible to a pre-authentication DoS assault between variations 9.5p1 to 9.9p1 (inclusive) that causes reminiscence and CPU consumption (Launched in August 2023)
“If an attacker can carry out a man-in-the-middle assault through CVE-2025-26465, the consumer might settle for the attacker’s key as an alternative of the professional server’s key,” Saeed Abbasi, supervisor of product at Qualys TRU, mentioned.
“This might break the integrity of the SSH connection, enabling potential interception or tampering with the session earlier than the consumer even realizes it.”
In different phrases, a profitable exploitation may allow malicious actors to compromise and hijack SSH periods, and acquire unauthorized entry to delicate information. It is price noting that the VerifyHostKeyDNS possibility is disabled by default.
That mentioned, the choice was enabled by default on FreeBSD from September 2013 till March 2023, thereby doubtlessly exposing machines operating the Unix-like working system to potential dangers.
Repeated exploitation of CVE-2025-26466, however, can lead to availability points, stopping directors from managing servers and locking professional customers out, successfully crippling routine operations.
Each the vulnerabilities have been addressed in model OpenSSH 9.9p2 launched at this time by OpenSSH maintainers.
The disclosure comes over seven months after Qualys make clear one other OpenSSH flaw dubbed regreSSHion (CVE-2024-6387, CVSS rating: 8.1) that might have resulted in unauthenticated distant code execution with root privileges in glibc-based Linux programs.
