OpenSSH Vulnerability Patched Amid Active MitM and DoS Threats

Two significant security vulnerabilities have been discovered in the OpenSSH utility suite that, if exploited, could lead to a man-in-the-middle (MitM) attack and a denial-of-service (DoS) condition. The Qualys Threat Research Unit identified both: CVE-2025-26465, with a CVSS score of 6.8, and CVE-2025-26466, with a CVSS score of 5.9.

The first vulnerability, CVE-2025-26465, affects the OpenSSH client from version 6.8p1 through 9.9p1 (inclusive) when the VerifyHostKeyDNS option is enabled. It allows an attacker to impersonate a legitimate server and intercept sensitive data during SSH connections.

A successful exploitation of this vulnerability could enable malicious actors to hijack SSH sessions, gaining unauthorized access to sensitive data. Notably, the VerifyHostKeyDNS option is disabled by default, but was enabled on FreeBSD from September 2013 until March 2023, potentially exposing machines running the Unix-like operating system to risks.
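A client-side check for the two conditions described above (a version inside the affected range and VerifyHostKeyDNS enabled), added here as an example and not taken from the article or the OpenSSH project. It assumes its inputs are the text printed by `ssh -V` and `ssh -G <host>`; the function names, status labels and sample inputs are constructed.

```python
import re

# CVE-2025-26465 client range as stated in the article: 6.8p1 through 9.9p1; fixed in 9.9p2.
FIRST_AFFECTED = (6, 8)
LAST_AFFECTED = (9, 9, 1)

def parse_version(banner):
    """Return (major, minor, portable_patch) from `ssh -V` text."""
    m = re.search(r"OpenSSH_(?:for_Windows_)?(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError(f"no OpenSSH version found in {banner!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def verify_host_key_dns(effective_config):
    """Return the VerifyHostKeyDNS value from `ssh -G <host>` text, or None."""
    for line in effective_config.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "verifyhostkeydns":
            return parts[1].strip().lower()
    return None

def assess(banner, effective_config):
    """Classify a client as 'exposed', 'latent' or 'outside-range'."""
    version = parse_version(banner)
    # Lower bound compares major.minor only, so a banner without a pN suffix
    # is still counted (conservative assumption).
    in_range = version[:2] >= FIRST_AFFECTED and version <= LAST_AFFECTED
    if not in_range:
        return "outside-range"
    # Anything other than no/false (yes, true, ask) is treated as enabled.
    value = verify_host_key_dns(effective_config)
    enabled = value is not None and value not in ("no", "false")
    return "exposed" if enabled else "latent"

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONFIG_ON = "hostname build01.example\nport 22\nverifyhostkeydns ask\n"
SAMPLE_CONFIG_OFF = "hostname build01.example\nport 22\nverifyhostkeydns false\n"

if __name__ == "__main__":
    for banner, cfg in [("OpenSSH_9.9p1, OpenSSL 3.0.13 30 Jan 2024", SAMPLE_CONFIG_ON),
                        ("OpenSSH_9.6p1 Ubuntu-3ubuntu13, OpenSSL 3.0.13", SAMPLE_CONFIG_OFF),
                        ("OpenSSH_9.9p2, OpenSSL 3.0.16 11 Feb 2025", SAMPLE_CONFIG_ON)]:
        print(banner.split(",")[0], "->", assess(banner, cfg))
```

Distribution packages often backport fixes without changing the upstream version string, so an in-range result is a prompt to check the vendor advisory, not proof that the build is unpatched.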

The second vulnerability, CVE-2025-26466, is a denial-of-service issue: repeated exploitation could cause availability problems, preventing administrators from managing servers and locking legitimate users out, effectively crippling routine operations.

Fortunately, both vulnerabilities have been addressed in the latest version of OpenSSH (9.9p2), released by its maintainers. The release comes seven months after Qualys shed light on another critical OpenSSH flaw dubbed regreSSHion (CVE-2024-6387), which posed an unauthenticated remote code execution threat with root privileges on glibc-based Linux systems.

Source: https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html