
OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks

The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction.

On Tuesday, the developers of OpenSSH, the popular open source implementation of the Secure Shell (SSH) protocol, rolled out patches for two vulnerabilities, one exploitable without user interaction and the other without authentication.

Using a client-server system, OpenSSH provides support for encrypted communication, and is used across modern operating systems on both desktop and mobile devices.

The first of the newly addressed vulnerabilities, tracked as CVE-2025-26465, impacts the OpenSSH client with the VerifyHostKeyDNS option enabled, and can be exploited by a man-in-the-middle (MitM) attacker to impersonate a server.

The VerifyHostKeyDNS configuration option allows the SSH client to verify a server’s host key using SSHFP records in the DNS.

According to Qualys, which identified and reported CVE-2025-26465, the flaw can be successfully exploited regardless of the VerifyHostKeyDNS option in use, without user interaction, and even if an SSHFP resource record does not exist.

The security defect was introduced in OpenSSH in December 2014. By default, VerifyHostKeyDNS is disabled, but FreeBSD had it enabled by default between September 2013 and March 2023.


“If an attacker can perform a man-in-the-middle attack via CVE-2025-26465, the client may accept the attacker’s key instead of the legitimate server’s key. This would break the integrity of the SSH connection, enabling potential interception or tampering with the session before the user even realizes it,” Qualys says.

Tracked as CVE-2025-26466, the second bug resolved in OpenSSH on Tuesday impacts both the client and the server, and can be exploited without authentication to cause a denial-of-service (DoS) condition through asymmetric consumption of memory and CPU resources.

According to Qualys, an attacker could repeatedly exploit CVE-2025-26466 to cause prolonged outages, preventing both administrators and end-users from using OpenSSH.

“An enterprise facing this vulnerability could see critical servers become unreachable, interrupting routine operations, and stalling essential maintenance tasks,” Qualys notes.

OpenSSH version 9.9p2 was released on Tuesday with fixes for both vulnerabilities. Users are advised to update their instances as soon as possible.
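
One way to triage a client against the details above, as an added example that is not from the article, Qualys or the OpenSSH project: it compares the `ssh -V` banner with the fixed release 9.9p2 and reads the effective `verifyhostkeydns` value from `ssh -G` output. The function names and result labels are hypothetical, and the version comparison is a heuristic because distributions may backport fixes without changing the upstream version string.

```shell
#!/bin/sh
# Added example: triage an OpenSSH client against the 9.9p2 fixes.
# Version matching is a heuristic: distributions may backport fixes
# without changing the upstream version string.

# parse_version "<ssh -V banner>": prints "major minor patch", e.g. "9 9 1".
parse_version() {
  printf '%s\n' "$1" | sed -n \
    's/.*OpenSSH_\([0-9]\{1,\}\)\.\([0-9]\{1,\}\)p\{0,1\}\([0-9]*\).*/\1 \2 \3/p' |
    head -n 1
}

# predates_fix "<banner>": 0 if older than 9.9p2, 1 if not, 2 if unparsable.
predates_fix() {
  set -- $(parse_version "$1")
  [ "$#" -ge 2 ] || return 2
  maj=$1 min=$2 pl=${3:-0}
  [ "$maj" -lt 9 ] && return 0
  [ "$maj" -gt 9 ] && return 1
  [ "$min" -lt 9 ] && return 0
  [ "$min" -gt 9 ] && return 1
  [ "$pl" -lt 2 ]
}

# hostkey_dns_mode "<ssh -G output>": prints the effective verifyhostkeydns value.
hostkey_dns_mode() {
  printf '%s\n' "$1" |
    awk 'tolower($1) == "verifyhostkeydns" { print tolower($2); exit }'
}

# assess "<banner>" "<ssh -G output>": prints EXPOSED, UPDATE, OK or UNKNOWN.
assess() {
  mode=$(hostkey_dns_mode "$2")
  rc=0; predates_fix "$1" || rc=$?
  case $rc in
    0) case $mode in
         yes|true|ask) echo EXPOSED ;;  # pre-fix client that consults SSHFP records
         *)            echo UPDATE ;;   # option off, release still predates 9.9p2
       esac ;;
    1) echo OK ;;
    *) echo UNKNOWN ;;
  esac
}

# Live use: pass a host name to evaluate the local client's effective config for it.
if [ "$#" -gt 0 ]; then
  assess "$(ssh -V 2>&1)" "$(ssh -G "$1")"
fi
```

Because `ssh -G` resolves `Host` and `Match` blocks, the result reflects the setting that would actually apply to the named host rather than only the global default.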

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.