Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) attack and a denial-of-service (DoS) attack, respectively, under certain conditions.
The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below:
- CVE-2025-26465 - The OpenSSH client has a logic error between versions 6.8p1 and 9.9p1 (inclusive), making it vulnerable to an active MitM attack if the VerifyHostKeyDNS option is enabled (introduced in December 2014).
- CVE-2025-26466 - The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 and 9.9p1 (inclusive) that causes memory and CPU consumption (introduced in August 2023).
"If an attacker can do a man-in-the-middle strike via CVE-2025-26465, the buyer may accept the suspect's key instead of the legitimate user's key," Saeed Abbasi, manager of product at Qualys TRU, said.
"This could compromise the SSH connection's integrity, allowing ability tampering with the program before the user actually realizes it," Abbasi said.
In other words, successful exploitation might allow malicious actors to compromise and hijack SSH sessions and access sensitive data without permission. It is worth noting that the VerifyHostKeyDNS option is disabled by default.
Repeated exploitation of CVE-2025-26466, on the other hand, can result in availability issues, preventing administrators from managing servers and locking legitimate users out, effectively crippling routine operations.
Both vulnerabilities were fixed by the OpenSSH maintainers in version 9.9p2, released today.
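
A defender's triage check for the two issues above, as an added example that is not part of the original article or of Qualys's advisory: it classifies a host from its `ssh -V` output or SSH banner against the affected ranges stated here, and reads `VerifyHostKeyDNS` from the effective client configuration printed by `ssh -G <host>`. The function names and sample strings are constructed for illustration; treating `ask` as enabled and comparing a version with no `pN` suffix as `p1` are assumptions.

```python
import re

# Affected ranges (inclusive) as stated in the article; 9.9p2 carries both fixes.
RANGES = {
    "CVE-2025-26465": ((6, 8, 1), (9, 9, 1)),  # client MitM, needs VerifyHostKeyDNS
    "CVE-2025-26466": ((9, 5, 1), (9, 9, 1)),  # pre-auth DoS, client and server
}

def parse_version(banner):
    """Extract (major, minor, portable) from `ssh -V` output or an SSH banner."""
    m = re.search(r"OpenSSH_(?:for_Windows_)?(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError(f"no OpenSSH version in {banner!r}")
    # Assumption: a release without a pN suffix is compared as p1.
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 1)

def dns_hostkey_enabled(ssh_g_output):
    """True if the effective client config (`ssh -G host`) enables VerifyHostKeyDNS."""
    for line in ssh_g_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "verifyhostkeydns":
            # Assumption: "ask" is treated as enabled, like "yes"/"true".
            return value.strip().lower() not in ("no", "false")
    return False  # option absent from the dump: treat as not enabled

def assess(banner, ssh_g_output=""):
    """Return {cve: finding} for one host, from its version and client config."""
    version = parse_version(banner)
    findings = {}
    for cve, (low, high) in RANGES.items():
        if not (low <= version <= high):
            findings[cve] = "not in affected range"
        elif cve == "CVE-2025-26465" and not dns_hostkey_enabled(ssh_g_output):
            findings[cve] = "in range, VerifyHostKeyDNS off"
        else:
            findings[cve] = "exposed by version"
    return findings

if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    samples = [
        ("OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13", "verifyhostkeydns true"),
        ("OpenSSH_8.9p1, OpenSSL 3.0.2", "verifyhostkeydns false"),
        ("OpenSSH_9.9p2, OpenSSL 3.4.0", "verifyhostkeydns ask"),
    ]
    for banner, cfg in samples:
        print(banner.split(",")[0], assess(banner, cfg))
```

Distribution packages often backport fixes without changing the upstream version string, so an "exposed by version" result should be confirmed against the vendor's own advisory before it is treated as a finding.
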
More than seven months prior, Qualys revealed another OpenSSH flaw (CVE-2024-6387) that could have led to unauthenticated remote code execution with root privileges on glibc-based Linux systems.