CVE-2025-26465: Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
First published: Mon Feb 10 2025(Updated: )
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openssh | <=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u4<=1:9.9p1-3 | 1:8.4p1-5+deb11u4 1:9.2p1-2+deb12u5 1:9.9p2-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
- https://www.bleepingcomputer.com/news/security/new-openssh-flaws-expose-ssh-servers-to-mitm-and-dos-attacks/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465
- https://nvd.nist.gov/vuln/detail/CVE-2025-26465
- https://launchpad.net/bugs/cve/CVE-2025-26465
- https://security-tracker.debian.org/tracker/CVE-2025-26465
- https://ubuntu.com/security/CVE-2025-26465
- https://www.openssh.com/releasenotes.html#9.9p2
- https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
- https://github.com/openssh/openssh-portable/commit/5e39a49930d885aac9c76af3129332b6e772cd75
- https://github.com/openssh/openssh-portable/commit/0832aac79517611dd4de93ad0a83577994d9c907
- https://seclists.org/oss-sec/2025/q1/144
- https://bugzilla.redhat.com/show_bug.cgi?id=2344780
- https://access.redhat.com/security/cve/CVE-2025-26465
- https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
- https://bugzilla.suse.com/show_bug.cgi?id=1237040
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig
- https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html
- https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html
- https://www.openwall.com/lists/oss-security/2025/02/18/1
- https://www.openwall.com/lists/oss-security/2025/02/18/4
Frequently Asked Questions
What is the severity of CVE-2025-26465?
CVE-2025-26465 has a critical severity level due to the potential for a machine-in-the-middle attack.
How do I fix CVE-2025-26465?
To fix CVE-2025-26465, upgrade to OpenSSH versions 1:8.4p1-5+deb11u4, 1:9.2p1-2+deb12u5, or 1:9.9p2-1.
What systems are affected by CVE-2025-26465?
CVE-2025-26465 affects OpenSSH versions up to 1:8.4p1-5+deb11u3, 1:9.2p1-2+deb12u4, and 1:9.9p1-3.
Can CVE-2025-26465 lead to unauthorized access?
Yes, CVE-2025-26465 can allow an attacker to impersonate a legitimate server, potentially leading to unauthorized access.
Is it safe to use OpenSSH with VerifyHostKeyDNS enabled after the fix for CVE-2025-26465?
After applying the fix for CVE-2025-26465, using OpenSSH with VerifyHostKeyDNS enabled is considered safe.
- collector/the-register
- source/The Register
- alias/CVE-2025-26465
- alias/CVE-2025-26466
- agent/type
- collector/bleeping-computer
- source/BleepingComputer
- agent/news-ai
- exploited/true
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/event
- agent/trending
- collector/nvd-api
- source/NVD
- collector/epss-latest
- source/FIRST
- agent/references
- agent/last-modified-date
- agent/source
- agent/tags
- agent/epss
- package-manager/debian