The OpenSSH project, maintainer of the widely used secure remote access suite, has released security updates addressing two critical vulnerabilities. One of the flaws, introduced over a decade ago, can be exploited for man-in-the-middle (MitM) attacks; the other is a denial of service (DoS) flaw that can cause system crashes.
The first vulnerability, CVE-2025-26465, was discovered by Qualys and affects OpenSSH clients when the ‘VerifyHostKeyDNS’ option is enabled. It allows an attacker in a MitM position to trick the client into accepting a rogue server’s host key by exhausting the client’s memory. The flaw went undetected for over a decade and affected any system with ‘VerifyHostKeyDNS’ enabled, including FreeBSD, which shipped with the option enabled until 2023.
The second vulnerability, CVE-2025-26466, is a pre-authentication DoS flaw introduced in OpenSSH 9.5p1. It arises from unrestricted memory allocation during the key exchange, leading to excessive memory consumption and CPU load. An attacker can repeatedly send small ping messages to force the server to buffer large responses until the system crashes.
To mitigate these vulnerabilities, the OpenSSH team recommends updating to version 9.9p2, which fixes both flaws. Administrators are advised to disable ‘VerifyHostKeyDNS’ unless it is genuinely needed and to rely on manual host key fingerprint verification instead. Enforcing strict connection rate limits and monitoring SSH traffic can also help detect DoS attempts early and limit their impact.
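As an added example (not code from OpenSSH or the article), a POSIX shell audit helper that applies the advice above: it places a build's version string against the 9.5p1 and 9.9p2 boundaries named on this page and checks a client's effective VerifyHostKeyDNS setting. The sample inputs, the `ssh -G`-style config dump, and the decision to treat every pre-9.9p2 client as affected by CVE-2025-26465 are assumptions.

```shell
#!/bin/sh
# Audit helper (added example, not OpenSSH project code): classifies an OpenSSH
# version string and a client's effective config against the advisory's ranges.

# Reduce "OpenSSH_9.5p1, OpenSSL ..." (as printed by `ssh -V`) or a banner such as
# "SSH-2.0-OpenSSH_9.5p1" to a sortable integer: major*10000 + minor*100 + patch.
ssh_version_key() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^.*OpenSSH_\([0-9]*\)\.\([0-9]*\)p\{0,1\}\([0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 1
    set -- $v
    echo $(( $1 * 10000 + $2 * 100 + ${3:-0} ))
}

FIXED=$(ssh_version_key OpenSSH_9.9p2)          # release that fixes both CVEs
DOS_INTRODUCED=$(ssh_version_key OpenSSH_9.5p1) # release that introduced CVE-2025-26466

# True when the build is in the CVE-2025-26466 range: 9.5p1 <= version < 9.9p2.
server_dos_exposed() {
    k=$(ssh_version_key "$1") || return 2
    [ "$k" -ge "$DOS_INTRODUCED" ] && [ "$k" -lt "$FIXED" ]
}

# Value of one option from `ssh -G host` output (one lowercase "key value" per line).
client_option() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# True when a client is exposed to CVE-2025-26465: VerifyHostKeyDNS is on
# (yes/true/ask) and the build predates 9.9p2. The bug is over a decade old,
# so every pre-9.9p2 build is treated as affected (assumption, conservative).
client_mitm_exposed() {
    k=$(ssh_version_key "$1") || return 2
    opt=$(client_option "$2" verifyhostkeydns)
    [ "$k" -lt "$FIXED" ] && { [ "$opt" = yes ] || [ "$opt" = true ] || [ "$opt" = ask ]; }
}

# Constructed sample inputs: a version string and an `ssh -G`-style config dump.
SAMPLE_VERSION='OpenSSH_9.5p1, OpenSSL 3.0.2 15 Mar 2022'
SAMPLE_CLIENT_CONFIG='hostname example.invalid
verifyhostkeydns true
stricthostkeychecking ask'

if server_dos_exposed "$SAMPLE_VERSION"; then
    echo "server: build in CVE-2025-26466 range, update to 9.9p2 and rate-limit connections"
fi
if client_mitm_exposed "$SAMPLE_VERSION" "$SAMPLE_CLIENT_CONFIG"; then
    echo "client: VerifyHostKeyDNS enabled on a pre-9.9p2 build (CVE-2025-26465), set it to no"
fi
```

On a real host, feed the functions the output of `ssh -V 2>&1` and `ssh -G <host>` instead of the constructed samples.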
Source: https://www.bleepingcomputer.com/news/security/new-openssh-flaws-expose-ssh-servers-to-mitm-and-dos-attacks