New Updates for OpenSSH Security Vulnerabilities (DOS, MITM)


New updates have been released for OpenSSH, the widely used Secure Shell (SSH) suite commonly used for connecting to and logging in to remote machines, after recently discovered vulnerabilities allowed the possibility of machine-in-the-middle (MITM) attacks and denial of service (DOS) attacks.


Researchers with Qualys’ Threat Research Unit recently reported the vulnerabilities, which affect both the client and the server.

Client and Server Vulnerabilities

The first vulnerability, tracked as CVE-2025-26465 (CVE stands for Common Vulnerabilities and Exposures) with a severity of medium (6.8 on a scale of 1-10), was found within the error handling for the client’s VerifyHostKeyDNS configuration option, which verifies the host key using DNS. A possible error was handled incorrectly, allowing the client to authenticate a rogue server as if it were your intended server.

This could leave users vulnerable to machine-in-the-middle attacks, where your connection continues as normal but communications are actually intercepted and stolen or modified.

The second vulnerability, CVE-2025-26466 (also medium severity), lay in the pre-authentication phase. Tailored packets sent when initiating a connection could overload the target, leading to excessive use of resources like CPU and RAM, and eventually to a denial of service (DOS) if services or the machine are affected.

Update Now

Users can mitigate the vulnerabilities with security options like MaxAuth and LoginGraceTime, and by keeping VerifyHostKeyDNS disabled, but reviewing your configurations and updating computers that use OpenSSH is crucial to avoid leaving any known vulnerabilities open.

Affected versions include:

  • OpenSSH versions 6.8p1 through 9.9p1

The latest update, 9.9p2, provides patches for the vulnerabilities.

Linux-based users can update from their terminal with their package manager. On Windows-based machines, you’ll usually get updates through Windows Update.
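
To check a machine against the affected range and the settings named above, the following added example (not from the original article or from the OpenSSH project) classifies an `ssh -V` banner and scans `ssh -G` / `sshd -T` output. The function names are hypothetical, and a banner without a `pN` suffix is assumed to mean p1.

```sh
#!/bin/sh
# Added example: check a host against the article's affected range,
# OpenSSH 6.8p1 through 9.9p1 (fixed in 9.9p2). Function names are hypothetical.
# Distributions can backport fixes without changing the upstream version string,
# so "affected" means "confirm against the package changelog".

# Turn an `ssh -V` banner into a sortable integer, e.g. 9.9p1 -> 90901.
version_key() {
  printf '%s\n' "$1" |
    sed -nE 's/.*OpenSSH_[A-Za-z_]*([0-9]+)\.([0-9]+)(p([0-9]+))?.*/\1 \2 \4/p' | {
      read -r major minor patch || exit 1
      # Assumption: no pN suffix is treated as p1 so the check errs toward flagging.
      echo $(( $major * 10000 + $minor * 100 + ${patch:-1} ))
    }
}

# Print affected / not-affected / unknown for one banner string.
openssh_status() {
  key=$(version_key "$1") || { echo unknown; return 0; }
  if [ "$key" -ge 60801 ] && [ "$key" -le 90901 ]; then
    echo affected
  else
    echo not-affected
  fi
}

# Read effective configuration on stdin (`ssh -G <host>` or `sshd -T` output)
# and report the two settings the article mentions.
config_findings() {
  awk '
    tolower($1) == "verifyhostkeydns" && tolower($2) !~ /^(no|false)$/ {
      print "verifyhostkeydns=" $2 ": enabled (CVE-2025-26465 code path)" }
    tolower($1) == "logingracetime" && $2 == "0" {
      print "logingracetime=0: no time limit on unauthenticated connections" }
  '
}

# Live use (assumes ssh/sshd are installed; example.org is a placeholder host):
#   openssh_status "$(ssh -V 2>&1)"
#   ssh -G example.org | config_findings
#   sshd -T | config_findings        # run as root
```
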

Learn more about Qualys’ analysis of this threat on their report page.
