FlagThis

The Qualys Threat Research Unit (TRU) has revealed two significant vulnerabilities in OpenSSH, impacting both client and server components. The first, CVE-2025-26465, is a machine-in-the-middle (MitM) attack that targets OpenSSH clients when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, involves a pre-authentication denial-of-service (DoS) attack affecting both client and server systems by exhausting resources. These vulnerabilities expose systems to potential interception of communications and resource exhaustion, potentially crippling SSH servers.

The MitM vulnerability, CVE-2025-26465, allows attackers to impersonate a server, bypassing client identity checks even if VerifyHostKeyDNS is set to "yes" or "ask". This flaw was introduced in December 2014 and affects OpenSSH versions 6.8p1 through 9.9p1. The DoS vulnerability, CVE-2025-26466, enables attackers to consume excessive memory and CPU resources, impacting versions 9.5p1 through 9.9p1. While mitigations exist, such as LoginGraceTime and MaxStartups, immediate patching is strongly advised. OpenSSH version 9.9p2 addresses these vulnerabilities, urging administrators to upgrade affected systems promptly.

ImgSrc: mnwa9ap4czgf-u1335.pressidiumcdn.com

References:

• CyberInsider - OpenSSH Vulnerabilities Exposed Millions to Multi-Year Risks - 3d
• buherator's timeline - Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab... - 3d
• Open Source Security - Qualys Security Advisory discussing MitM and DoS attacks against OpenSSH clients and servers. - 3d
• Vulnerability Archives ? Cybersecurity News - Securityonline.info article on OpenSSH flaws CVE-2025-26465 and CVE-2025-26466 exposing clients and servers to attacks. - 3d
• www.openwall.com - Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab... - 3d
• cyberinsider.com - The Qualys Threat Research Unit (TRU) has disclosed two critical vulnerabilities in OpenSSH affecting both client and server components. - 3d
• securityonline.info - OpenSSH Flaws CVE-2025-26465 & CVE-2025-26466 Expose Clients and Servers to Attacks - 3d
• blog.qualys.com - Qualys TRU Discovers Two Vulnerabilities in OpenSSH (CVE-2025-26465, CVE-2025-26466) - 3d
• hackread.com - Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks - 3d
• Ubuntu security notices - USN-7270-2: OpenSSH vulnerability - 3d
• The Hacker News - Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of - 2d
• News | CSO Online - OpenSSH fixes flaws that enable man-in-the-middle, DoS attacks - 2d
• Security Archives - Security Affairs - OpenSSH bugs allows Man-in-the-Middle and DoS Attacks - 2d
• SCM feed for Security Strategy, Plan, Budget - OpenSSH flaws could enable man-in-the-middle attacks, denial of service Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Resea - 2d
• @kubikpixel - OpenSSH flaws could enable man-in-the-middle attacks, denial of service Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Resea - 2d
• @AAKL - Infosec Exchange Post: Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 More: The Register: FreSSH bugs undiscovered for years threaten OpenSSH security - 2d
• SOCRadar? Cyber Intelligence Inc. - Security Flaws in OpenSSH and Juniper Networks Demand Action (CVE-2025-26465, CVE-2025-26466, and CVE-2025-21589) - 1d
• Information Security Buzz - Qualys Identifies Critical Vulnerabilities that Enable DDoS, MITM Attacks - 1d
• www.theregister.com - FreSSH bugs undiscovered for years threaten OpenSSH security - 1d

Classification:

• HashTags: OpenSSH Vulnerability Cybersecurity
• Company: OpenSSH
• Target: Millions of users
• Product: OpenSSH
• Feature: VerifyHostKeyDNS
• Type: Vulnerability
• Severity: Major