Two safety vulnerabilities have been found within the OpenSSH safe networking utility suite that, if efficiently exploited, might lead to an energetic machine-in-the-middle (MitM) and a denial-of-service (DoS) assault, respectively, below sure situations.
The vulnerabilities, detailed by the Qualys Menace Analysis Unit (TRU), are listed under –
- CVE-2025-26465 – The OpenSSH consumer accommodates a logic error between variations 6.8p1 to 9.9p1 (inclusive) that makes it susceptible to an energetic MitM assault if the VerifyHostKeyDNS possibility is enabled, permitting a malicious interloper to impersonate a reputable server when a consumer makes an attempt to hook up with it (Launched in December 2014)
- CVE-2025-26466 – The OpenSSH consumer and server are susceptible to a pre-authentication DoS assault between variations 9.5p1 to 9.9p1 (inclusive) that causes reminiscence and CPU consumption (Launched in August 2023)
“If an attacker can carry out a man-in-the-middle assault through CVE-2025-26465, the consumer could settle for the attacker’s key as a substitute of the reputable server’s key,” Saeed Abbasi, supervisor of product at Qualys TRU, stated.
“This may break the integrity of the SSH connection, enabling potential interception or tampering with the session earlier than the person even realizes it.”
In different phrases, a profitable exploitation might allow malicious actors to compromise and hijack SSH classes, and achieve unauthorized entry to delicate knowledge. It is value noting that the VerifyHostKeyDNS possibility is disabled by default.
Repeated exploitation of CVE-2025-26466, however, can lead to availability points, stopping directors from managing servers and locking reputable customers out, successfully crippling routine operations.
Each the vulnerabilities have been addressed in model OpenSSH 9.9p2 launched at the moment by OpenSSH maintainers.
The disclosure comes over seven months after Qualys make clear one other OpenSSH flaw dubbed regreSSHion (CVE-2024-6387) that would have resulted in unauthenticated distant code execution with root privileges in glibc-based Linux techniques.