OpenSSH Patches Two Critical Vulnerabilities, One Undetected for a Decade

Feb 19, 2025 | News


Overview

OpenSSH has released security updates to fix two vulnerabilities: a man-in-the-middle (MitM) flaw and a denial-of-service (DoS) issue. Notably, one of these vulnerabilities has remained undiscovered for over a decade.

The two vulnerabilities are:

  • CVE-2025-26465 – A Man-in-the-Middle (MitM) attack flaw affecting OpenSSH clients.
  • CVE-2025-26466 – A Denial of Service (DoS) vulnerability that can crash OpenSSH servers.

The MitM vulnerability was introduced over a decade ago, in OpenSSH 6.8p1 (December 2014), while the DoS flaw was introduced more recently in OpenSSH 9.5p1 (August 2023).

Both issues were discovered and demonstrated by Qualys researchers, who confirmed their exploitability to OpenSSH maintainers.

Details of the Vulnerabilities

CVE-2025-26465 – Man-in-the-Middle (MitM) Attack

This vulnerability affects OpenSSH clients when the VerifyHostKeyDNS option is enabled.

  • Attackers can intercept SSH connections and present a rogue server’s key.
  • By exploiting an out-of-memory error, they can bypass host verification and hijack the session.
  • Once hijacked, attackers can steal credentials, inject commands, and exfiltrate data.

While VerifyHostKeyDNS is disabled by default, it was enabled by default in FreeBSD from 2013 to 2023, potentially exposing many systems to attacks.


CVE-2025-26466 – Pre-Authentication Denial of Service (DoS)

This flaw allows attackers to consume excessive memory and CPU before authentication.

  • For every small 16-byte ping message an attacker sends, OpenSSH buffers a 256-byte response.
  • These responses accumulate indefinitely, leading to high memory consumption and system crashes.
  • Though not as severe as the MitM attack, this can be exploited to disrupt SSH services on affected systems.



Security Fixes and Mitigation Steps

Patch Immediately

  • OpenSSH 9.9p2, released today, fixes both vulnerabilities.
  • All users should upgrade to this version as soon as possible.

Mitigation for CVE-2025-26465 (MitM Attack)

  • Disable VerifyHostKeyDNS unless absolutely necessary.
  • Manually verify SSH key fingerprints to ensure secure connections.

Mitigation for CVE-2025-26466 (DoS Attack)

  • Enforce SSH connection rate limits to prevent excessive resource consumption.
  • Monitor SSH traffic for unusual activity to detect early signs of exploitation.
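The patch and mitigation steps above boil down to three checks per host: is the OpenSSH version inside either affected range (6.8p1 up to but not including 9.9p2 for the MitM flaw, 9.5p1 up to 9.9p2 for the DoS flaw), does the client configuration enable VerifyHostKeyDNS, and does the server configuration limit unauthenticated connections. The following audit script is an added example written for this page; it is not code from OpenSSH, Qualys or the article. It assumes `ssh -V` output or an SSH banner as the version source, a deliberately minimal ssh_config/sshd_config reader (global section plus `Host *`/`Match all` only), and uses the real sshd_config keyword MaxStartups as one concrete way to apply the rate limiting recommended above; the sample configuration text is constructed, not taken from any real host.

```python
import re

# Version boundaries as stated in the advisory text: the MitM flaw
# (CVE-2025-26465) appeared in 6.8p1, the DoS flaw (CVE-2025-26466) in 9.5p1,
# and OpenSSH 9.9p2 fixes both.
MITM_INTRODUCED = (6, 8, 1)
DOS_INTRODUCED = (9, 5, 1)
FIXED_IN = (9, 9, 2)

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner):
    """Extract (major, minor, portable_patch) from `ssh -V` output or from the
    SSH-2.0 banner a server sends. A release without a 'pN' suffix is treated
    as p1 so it still compares sensibly against portable release numbers."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no OpenSSH version found in %r" % banner)
    major, minor, plevel = m.groups()
    return (int(major), int(minor), int(plevel) if plevel else 1)


def parse_ssh_config(text):
    """Minimal ssh_config/sshd_config reader returning {keyword: value} with
    keywords lower-cased. OpenSSH uses the FIRST value it obtains for a
    keyword, so later duplicates are ignored. Only the global section and
    'Host *' / 'Match all' blocks are read; other Host/Match blocks are
    skipped (assumption: the audit only cares about settings that apply to
    every connection)."""
    effective = {}
    in_scope = True
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in ("host", "match"):
            in_scope = value in ("*", "all")
            continue
        if in_scope and key not in effective:
            effective[key] = value
    return effective


def assess(version, client_config="", server_config=""):
    """Return a list of finding strings for one host, given its OpenSSH version
    tuple and the text of its client (ssh_config) and server (sshd_config)."""
    findings = []
    client = parse_ssh_config(client_config)
    server = parse_ssh_config(server_config)

    if MITM_INTRODUCED <= version < FIXED_IN:
        # The default is 'no'; any other value ('yes' or 'ask') turns DNS-based
        # host key verification on, which is the precondition for the MitM flaw.
        if client.get("verifyhostkeydns", "no").lower() != "no":
            findings.append(
                "CVE-2025-26465: affected client version with VerifyHostKeyDNS "
                "enabled; set 'VerifyHostKeyDNS no' and upgrade to 9.9p2")
        else:
            findings.append(
                "CVE-2025-26465: affected client version, VerifyHostKeyDNS is "
                "off (default); upgrade to 9.9p2")

    if DOS_INTRODUCED <= version < FIXED_IN:
        msg = "CVE-2025-26466: affected server version; upgrade to 9.9p2"
        # MaxStartups caps concurrent unauthenticated connections handled by
        # sshd; it is one way to apply the rate limiting the advisory suggests.
        if "maxstartups" not in server:
            msg += " and cap pre-auth connections (e.g. 'MaxStartups 10:30:60')"
        findings.append(msg)

    return findings


if __name__ == "__main__":
    # Constructed sample input (not a real host): the FreeBSD-style default
    # in which VerifyHostKeyDNS was switched on for every host.
    sample_client = "Host *\n    VerifyHostKeyDNS yes\n"
    for banner in ("OpenSSH_9.9p1, OpenSSL 3.0.13 30 Jan 2024", "OpenSSH_9.9p2"):
        v = parse_openssh_version(banner)
        print(banner, "->", assess(v, sample_client) or ["no findings"])
```

Feed it the output of `ssh -V` on the client and the local `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` contents; a 9.9p1 client with VerifyHostKeyDNS on produces both findings, while 9.9p2 produces none regardless of configuration, which matches the advice that patching removes both issues and the configuration changes are interim mitigations.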

For further technical details, Qualys has provided a full report on both vulnerabilities.

Source: bleepingcomputer.com
