
OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks

The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction.

On Tuesday, the developers of OpenSSH, the popular open source implementation of the Secure Shell (SSH) protocol, rolled out patches for two vulnerabilities, one exploitable without user interaction and the other without authentication.

OpenSSH follows a client-server model to provide encrypted communication, and it is used across modern operating systems on both desktop and mobile devices.

The first of the newly addressed vulnerabilities, tracked as CVE-2025-26465, impacts the OpenSSH client when the VerifyHostKeyDNS option is enabled, and can be exploited by a man-in-the-middle (MitM) attacker to impersonate a server.

The VerifyHostKeyDNS configuration option allows the SSH client to verify a server’s host key using SSHFP records in the DNS.

According to Qualys, which identified and reported CVE-2025-26465, the flaw can be successfully exploited regardless of the VerifyHostKeyDNS setting in use, without user interaction, and even if no SSHFP resource record exists.

The security defect was introduced in OpenSSH in December 2014. The VerifyHostKeyDNS option is disabled by default, but FreeBSD shipped it enabled by default between September 2013 and March 2023.


“If an attacker can perform a man-in-the-middle attack via CVE-2025-26465, the client may accept the attacker’s key instead of the legitimate server’s key. This would break the integrity of the SSH connection, enabling potential interception or tampering with the session before the user even realizes it,” Qualys says.

Tracked as CVE-2025-26466, the second bug resolved in OpenSSH on Tuesday impacts both the client and the server, and can be exploited without authentication to cause a denial-of-service (DoS) condition through asymmetric consumption of memory and CPU resources.

According to Qualys, an attacker could repeatedly exploit CVE-2025-26466 to cause prolonged outages, preventing both administrators and end-users from using OpenSSH.

“An enterprise facing this vulnerability could see critical servers become unreachable, interrupting routine operations, and stalling essential maintenance tasks,” Qualys notes.

OpenSSH version 9.9p2 was released on Tuesday with fixes for both vulnerabilities. Users are advised to update their instances as soon as possible.
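For administrators triaging the two issues above, the following is an added audit helper (not from the article, Qualys or the OpenSSH project): it flags client configurations that enable VerifyHostKeyDNS (the precondition for CVE-2025-26465) and compares an `ssh -V` banner against the 9.9p2 release that carries both fixes. The sample configuration is constructed; the parser only understands `Host` blocks, not `Match` or `Include`.

```python
import re

# Constructed sample ssh_config for the audit; not taken from the article.
SAMPLE_CONFIG = """\
Host *
    VerifyHostKeyDNS ask      # enables DNS (SSHFP) host-key verification
Host build.example.internal
    VerifyHostKeyDNS no
"""

# OpenSSH 9.9p2 is the release the article names as fixing both CVEs.
FIXED_VERSION = (9, 9, 2)

def parse_version(banner):
    """Turn an 'OpenSSH_9.9p1 ...' style banner into (major, minor, patch).
    A banner without a 'pN' suffix is treated as patch level 0."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError(f"not an OpenSSH version banner: {banner!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def needs_update(banner):
    """True when the banner's version is older than the fixed release."""
    return parse_version(banner) < FIXED_VERSION

def verify_host_key_dns_hosts(config_text):
    """Return {host_pattern: value} for every Host block that sets
    VerifyHostKeyDNS to 'yes' or 'ask', i.e. the exposed configurations.
    Directives before any Host line are attributed to the '*' pattern.
    Handles 'Key value', 'Key=value' and 'Key = value' spellings."""
    enabled = {}
    current = "*"
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            current = value
        elif key == "verifyhostkeydns" and value.lower() in ("yes", "ask"):
            enabled[current] = value.lower()
    return enabled

if __name__ == "__main__":
    print("exposed Host blocks:", verify_host_key_dns_hosts(SAMPLE_CONFIG))
    print("9.9p1 needs update:", needs_update("OpenSSH_9.9p1"))
```

Feed it the output of `ssh -V` (which prints to stderr) and the contents of `/etc/ssh/ssh_config` and `~/.ssh/config`; note that ssh_config applies the first value it encounters for an option, so a global `Host *` entry placed before a host-specific `no` still wins for that host.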


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
