CVE-2025-26465

CVSSv4: NA | CVSSv3: 6.8 | CVSSv2: NA | VMScore: 780 | EPSS: 0.44631 | KEV: Not Included
Published: 18/02/2025 Updated: 19/02/2025

Vulnerability Summary

OpenSSH Host Key DNS Verification Vulnerability Enables Machine-in-the-Middle Attack

A vulnerability exists in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine that pretends to be a legitimate server. The issue happens because OpenSSH does not handle error codes correctly in certain situations when checking the host key. For an attack to work, the attacker must first drain the client's memory resources, which makes the attack very complex to execute.

Vulnerable Product

Red Hat Enterprise Linux 6

Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 8

Red Hat Enterprise Linux 9

Red Hat OpenShift Container Platform 4

Vendor Advisories

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker ...

Mailing Lists

Hey all, First of all, cool findings! I've been working on the CodeQL query and have a revised version that I think improves accuracy and might offer some performance gains (though I haven't done rigorous benchmarking). The key change is the use of `StackVariableReachability` and making sure that there's a path where `var` is not reassigned bef ...
Qualys Security Advisory. CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client. CVE-2025-26466: DoS attack against OpenSSH's client and server. Contents: Summary, Background, Exper ...
OpenSSH 9.9p2 has just been released. It will be available from the mirrors listed at www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who co ...

Github Repositories

MitM attack allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it

CVE-2025-26465: The OpenSSH client contains a logic error between versions 6.8p1 to 9.9p1 (inclusive) that makes it vulnerable to an active MitM attack if the VerifyHostKeyDNS option is enabled, allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it. How does this detection method work? This template matches on the following vul

wazuh-SIEM-with-ubuntu-: This project demonstrates a practical implementation of Wazuh SIEM on Ubuntu. Below are the key findings and tasks completed during this setup. Key Highlights: Installing and Deploying Wazuh; Deploying Wazuh Agents on Ubuntu and Windows; File Integrity Monitoring in Wazuh; Detecting the Execution of Malicious Commands; Detecting and Blocking SSH Brute-Force

Recent Articles

Microsoft testing fix for Windows 11 bug breaking SSH connections
BleepingComputer • Sergiu Gatlan • 20 Feb 2025

Microsoft is now testing a fix for a longstanding known issue that is breaking SSH connections on some Windows 11 22H2 and 23H2 systems. On Tuesday, Microsoft started rolling out Windows 11 Build 26100.3321 (KB5052093) to Insiders in the Release Preview Channel on Windows 11 24H2 (Build 26100) with a fix for this bug. When it first acknowledged the issue in November, the company explained it ...

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks
BleepingComputer • Bill Toulas • 18 Feb 2025

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. Qualys discovered both vulnerabilities and demonstrated their exploitability to OpenSSH's maintainers. OpenSSH (Open Secure Shell) is a free, open-source implementation of the SSH (Secure Shell) protocol, which p...

FreSSH bugs undiscovered for years threaten OpenSSH security
The Register

Exploit code now available for MitM and DoS attacks

Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released. Qualys discovered the bugs in January, per its disclosure timeline. These vulnerabilities allow miscreants to perform machine-in-the-middle (MitM) attacks on the OpenSSH client and pre-authentication denial-of-service (DoS) attacks. Patches for CVE-2025-26465 and CVE-2025-26466 were released this morning. Although their respective severity scores (6.8 and 5.9) don't necessarily scream "patch me...