CVE-2025-26465

MEDIUM EPSS 93.4%
Published Feb 18, 20251y ago · Modified Jun 17, 20261w ago
6.8 CVSS 3.1
Medium
Find Similar
Published Feb 18, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

CVSS Details

Base Score
6.8
Exploitability
1.6
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
93.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-390

Affected Products 10

VendorProductVersionRange
openbsdopenssh*≥6.9  –  ≤9.8
openbsdopenssh6.8any
openbsdopenssh9.9any
openbsdopenssh9.9any
netappactive_iq_unified_manager*any
netappontap9any
redhatopenshift_container_platform4.0any
debiandebian_linux11.0any
debiandebian_linux12.0any
redhatenterprise_linux9.0any

References 26

  • seclists.org http://seclists.org/fulldisclosure/2025/Feb/18
  • seclists.org http://seclists.org/fulldisclosure/2025/May/7
  • seclists.org http://seclists.org/fulldisclosure/2025/May/8
  • access.redhat.com https://access.redhat.com/errata/RHSA-2025:16823
  • access.redhat.com https://access.redhat.com/errata/RHSA-2025:3837
  • access.redhat.com https://access.redhat.com/errata/RHSA-2025:6993
  • access.redhat.com https://access.redhat.com/errata/RHSA-2025:8385
  • access.redhat.com https://access.redhat.com/security/cve/CVE-2025-26465
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/solutions/7109879
  • blog.qualys.com https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
    Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2344780
    Issue TrackingThird Party Advisory
  • bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=1237040
    Issue Tracking
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-082556.html
  • ftp.openbsd.org https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html
    Third Party Advisory
  • lists.mindrot.org https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html
    Third Party Advisory
  • seclists.org https://seclists.org/oss-sec/2025/q1/144
    Mailing ListThird Party Advisory
  • security-tracker.debian.org https://security-tracker.debian.org/tracker/CVE-2025-26465
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20250228-0003/
    Third Party Advisory
  • ubuntu.com https://ubuntu.com/security/CVE-2025-26465
    Third Party Advisory
  • openssh.com https://www.openssh.com/releasenotes.html#9.9p2
    Release Notes
  • openwall.com https://www.openwall.com/lists/oss-security/2025/02/18/1
    Mailing ListThird Party Advisory
  • openwall.com https://www.openwall.com/lists/oss-security/2025/02/18/4
    Mailing ListThird Party Advisory
  • theregister.com https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
    Press/Media Coverage
  • vicarius.io https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh
    Third Party Advisory
  • vicarius.io https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh
    MitigationThird Party Advisory

Remediation

  • ftp.openbsd.org https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig
    Patch