Critical OpenSSH Flaws Put Systems at Risk
Two newly discovered security vulnerabilities in the widely used OpenSSH networking suite could expose systems to active Man-in-the-Middle (MitM) and Denial-of-Service (DoS) attacks under specific conditions, making immediate patching essential.
The Qualys Threat Research Unit (TRU) has disclosed the following vulnerabilities:
CVE-2025-26465 (CVSS Score: 6.8): A logic error in OpenSSH client versions 6.8p1 to 9.9p1 makes them vulnerable to an active MitM attack if the VerifyHostKeyDNS option is enabled. This flaw allows a threat actor to impersonate a legitimate server and intercept SSH sessions. (Introduced in December 2014).
CVE-2025-26466 (CVSS Score: 5.9): A pre-authentication DoS vulnerability affecting both OpenSSH client and server versions 9.5p1 to 9.9p1, leading to excessive memory and CPU consumption, potentially crashing systems. (Introduced in August 2023).
How These Vulnerabilities Affect OpenSSH Users
Saeed Abbasi, Manager of Product at Qualys TRU, warns, “If an attacker exploits CVE-2025-26465, the OpenSSH client may accept a malicious server’s key instead of the legitimate one, compromising the session’s integrity.”
Such an attack could enable cybercriminals to intercept, manipulate, or hijack SSH connections, granting unauthorized access to sensitive information. While VerifyHostKeyDNS is disabled by default, it was enabled by default on FreeBSD from September 2013 to March 2023, increasing exposure risks for FreeBSD users.
Meanwhile, repeated exploitation of CVE-2025-26466 could cripple system availability, making it impossible for administrators to manage servers or users to log in, severely disrupting operations.
Patch Now – OpenSSH 9.9p2 Fixes These Flaws
OpenSSH maintainers have released version 9.9p2, which addresses both vulnerabilities. Users and administrators should update immediately to protect their systems from potential exploits.
This disclosure follows Qualys’ previous report on the OpenSSH vulnerability known as regreSSHion (CVE-2024-6387, CVSS Score: 8.1), which allowed unauthenticated remote code execution with root privileges on glibc-based Linux systems.
Protect Your Systems: Immediate Actions to Take
Upgrade OpenSSH to version 9.9p2 without delay.
Disable VerifyHostKeyDNS unless absolutely necessary.
Monitor SSH connections for anomalies that may indicate an MitM attack.
Apply network segmentation and intrusion detection to limit the impact of potential exploits.
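A small audit script in the spirit of the checklist above, added here as an example and not taken from the advisory or from the OpenSSH project: it classifies an `ssh -V` banner against the version ranges given for the two CVEs and reports whether a client configuration enables VerifyHostKeyDNS (yes or ask, both of which turn on the SSHFP lookup). It assumes the portable "OpenSSH_X.YpN" banner format; the banner strings in the comments are constructed samples.

```sh
#!/bin/sh
# Added audit helper; not code from the advisory or from the OpenSSH project.
# Assumes portable "OpenSSH_X.YpN" banners as printed by `ssh -V`.

# Map a banner such as "OpenSSH_9.7p1, OpenSSL 3.0.13 30 Jan 2024" to the
# integer MAJOR*10000 + MINOR*100 + PATCHLEVEL so ranges can be compared.
# A banner without a pN suffix (OpenBSD builds) is counted as p1 (assumption).
ssh_version_key() {
    case "$1" in OpenSSH_[0-9]*) ;; *) return 1 ;; esac
    ver=${1#OpenSSH_}; ver=${ver%%[!0-9.p]*}      # e.g. "9.7p1"
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%p*}
    case "$rest" in *p*) patch=${rest#*p} ;; *) patch=1 ;; esac
    echo $(( major * 10000 + minor * 100 + patch ))
}

# Print the advisory CVEs that apply to a banner (status 0), nothing if none
# apply (status 1), or complain on stderr if the banner is unparseable (2).
affected_cves() {
    key=$(ssh_version_key "$1") || { echo "unparseable banner: $1" >&2; return 2; }
    out=""
    # CVE-2025-26465: client 6.8p1 .. 9.9p1
    [ "$key" -ge 60801 ] && [ "$key" -le 90901 ] && out="CVE-2025-26465"
    # CVE-2025-26466: client and server 9.5p1 .. 9.9p1; 9.9p2 fixes both
    [ "$key" -ge 90501 ] && [ "$key" -le 90901 ] && out="${out:+$out }CVE-2025-26466"
    [ -n "$out" ] && echo "$out"
}

# Status 0 when the given ssh_config text sets VerifyHostKeyDNS to yes or ask
# anywhere (including inside Host blocks); comments and "Key=value" are handled.
config_enables_dns_hostkeys() {
    printf '%s\n' "$1" | sed 's/#.*//; s/=/ /' | awk '
        { k = tolower($1); v = tolower($2) }
        k == "verifyhostkeydns" && (v == "yes" || v == "ask") { found = 1 }
        END { exit !found }'
}

# Stand-alone use: `sh audit.sh --audit` checks this host's ssh binary and configs.
if [ "${1:-}" = "--audit" ]; then
    banner=$(ssh -V 2>&1)
    affected_cves "$banner" || echo "no listed CVE applies to: $banner"
    for f in /etc/ssh/ssh_config "$HOME/.ssh/config"; do
        [ -r "$f" ] && config_enables_dns_hostkeys "$(cat "$f")" &&
            echo "VerifyHostKeyDNS is enabled in $f"
    done
fi
```

A banner that falls inside a range only means the build is in scope; distribution packages that backport the fix keep the old version string, so confirm against the vendor's changelog before acting on a hit.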
By patching promptly and implementing cybersecurity best practices, organizations can mitigate the risks posed by these critical vulnerabilities. Stay vigilant and ensure your OpenSSH instances are up to date!