OpenSSH Flaws Expose Systems to Critical Attacks


Security researchers have uncovered two significant security vulnerabilities in the OpenSSH networking utility.

These flaws, identified as CVE-2025-26465 and CVE-2025-26466, pose risks of man-in-the-middle (MitM) and denial-of-service (DoS) attacks.

The vulnerabilities, reported by the Qualys Security Advisory team, have prompted the release of OpenSSH 9.9p2, which addresses these issues.

Details of the Vulnerabilities

CVE-2025-26465: Man-in-the-Middle Attack

The first vulnerability (CVE-2025-26465) relates to the VerifyHostKeyDNS feature in the OpenSSH client. When enabled, this option could allow attackers to impersonate a server by bypassing identity verification checks. This flaw results from a logic error in how server identity is verified when memory allocation errors occur.

Although VerifyHostKeyDNS is disabled by default, administrators are urged to review their configurations. Notably, this feature has been enabled by default in some environments, such as FreeBSD, in the past.

This vulnerability has been present in the code since late 2014. It underlines the critical need to reassess legacy settings regularly to ensure they comply with modern security standards.

CVE-2025-26466: Denial-of-Service Attack

The second vulnerability (CVE-2025-26466) involves a pre-authentication denial-of-service (DoS) attack that affects both OpenSSH’s client and server.

Attackers can send SSH2_MSG_PING packets that cause the receiving side (server or client) to consume memory and CPU out of proportion to the attacker's own effort, leading to resource exhaustion. This flaw stems from improper handling of memory and CPU resources during the SSH key exchange.

While server-side mitigations such as LoginGraceTime and MaxStartups in sshd_config reduce the impact, the client side remains exposed.

This issue has been present since August 2023. It highlights the complexities of ensuring efficient resource management in secure communication protocols.

Critical OpenSSH Update Now Available

To address these vulnerabilities, the OpenSSH team released version 9.9p2 today. This update includes fixes for the MitM and DoS flaws alongside several other bug fixes that improve performance and security.

System administrators are strongly encouraged to act immediately and take the following steps:

  1. Upgrade immediately: Ensure OpenSSH installations are updated to version 9.9p2 as soon as possible
  2. Audit legacy configurations: Check for potentially risky settings, such as VerifyHostKeyDNS, that might still be enabled
  3. Strengthen resource controls: On servers, adjust settings like LoginGraceTime and MaxStartups to minimize the risk of DoS attacks

By acting promptly, organizations can reduce their exposure to these newly identified threats and enhance the overall security of their SSH infrastructure.
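The following audit helper is an added example illustrating the three remediation steps above (and the VerifyHostKeyDNS and LoginGraceTime/MaxStartups settings discussed earlier); it is not code from the article or from the OpenSSH project. It assumes config files written one "Keyword value" per line; the "Keyword=value" form and Host/Match blocks are not modelled, and the sample config files it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added audit helper for the article's remediation steps (example code,
# not part of the article or of OpenSSH).

# Print the effective value of KEY in FILE. OpenSSH applies the first
# occurrence of a keyword, so only the first match is printed. Keywords
# are case-insensitive; comment and blank lines are skipped.
config_value() {
    file="$1"
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" '
        /^[[:space:]]*#/   { next }
        NF == 0            { next }
        tolower($1) == key { print $2; exit }
    ' "$file"
}

# Return 0 (risky) when VerifyHostKeyDNS is set to anything other than
# "no", the upstream default. Per the upstream advisory both "yes" and
# "ask" enable the SSHFP lookup path that CVE-2025-26465 affects.
# Caveat: a vendor build may ship a different compiled-in default, so an
# absent keyword is only "not enabled" for stock OpenSSH.
verify_host_key_dns_enabled() {
    v=$(config_value "$1" VerifyHostKeyDNS | tr 'A-Z' 'a-z')
    case "$v" in
        ''|no) return 1 ;;
        *)     return 0 ;;
    esac
}

# Return 0 when an `ssh -V` string names OpenSSH 9.9p2 or later (portable
# release numbering). Distributions often backport fixes without bumping
# the version, so "not fixed" means "check the vendor advisory", not
# "definitely vulnerable".
openssh_is_fixed() {
    parsed=$(printf '%s' "$1" | sed -n \
        's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(p\([0-9][0-9]*\)\)\{0,1\}.*/\1 \2 \4/p')
    [ -n "$parsed" ] || return 1        # unrecognised string: treat as not fixed
    set -- $parsed
    major=$1; minor=$2; patch=${3:-0}
    [ "$major" -gt 9 ] && return 0
    [ "$major" -eq 9 ] && [ "$minor" -gt 9 ] && return 0
    [ "$major" -eq 9 ] && [ "$minor" -eq 9 ] && [ "$patch" -ge 2 ] && return 0
    return 1
}

# Print the effective LoginGraceTime and MaxStartups of a server config,
# falling back to the upstream defaults (120 seconds, 10:30:100) when unset.
# Lowering the grace period and the MaxStartups ceiling bounds how long and
# how many unauthenticated connections a source can hold open before auth.
sshd_limits() {
    grace=$(config_value "$1" LoginGraceTime)
    starts=$(config_value "$1" MaxStartups)
    printf 'grace=%s maxstartups=%s\n' "${grace:-120}" "${starts:-10:30:100}"
}

# Constructed sample configs for a stand-alone run.
tmpdir=$(mktemp -d)
cat > "$tmpdir/ssh_config" <<'EOF'
# constructed client config with a legacy setting still present
Host *
    VerifyHostKeyDNS yes
    ForwardAgent no
EOF
cat > "$tmpdir/sshd_config" <<'EOF'
# constructed server config with tightened pre-auth limits
Port 22
LoginGraceTime 30
MaxStartups 10:30:60
EOF

if verify_host_key_dns_enabled "$tmpdir/ssh_config"; then
    echo "WARN: VerifyHostKeyDNS enabled in $tmpdir/ssh_config (CVE-2025-26465 path)"
fi
sshd_limits "$tmpdir/sshd_config"
if openssh_is_fixed "$(ssh -V 2>&1)"; then
    echo "ssh version: 9.9p2 or later"
else
    echo "ssh version: not recognised as 9.9p2+; check the vendor advisory"
fi
rm -rf "$tmpdir"
```

Point the functions at the real /etc/ssh/ssh_config, ~/.ssh/config and /etc/ssh/sshd_config to audit a host; the version check is a heuristic and the vendor's backport status is the authoritative answer for distribution packages.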
