New OpenSSH Vulnerabilities Expose Critical Security Risks: CVE-2025-26465 and CVE-2025-26466

2025-02-28

OpenSSH, the widely-used open-source protocol for secure remote connections, has been found to have two critical vulnerabilities, according to the latest research from the Qualys Threat Research Unit (TRU). These flaws can leave systems exposed to sophisticated attacks, affecting both the OpenSSH client and server. Let’s take a closer look at the vulnerabilities, their potential impact, and the mitigations available.

The Vulnerabilities

Qualys has uncovered two key vulnerabilities in OpenSSH that could compromise remote system administration and potentially expose sensitive data.

  1. CVE-2025-26465 (CVSS score: 6.8) targets the OpenSSH client and can enable an attacker to conduct an active machine-in-the-middle (MITM) attack when the VerifyHostKeyDNS option is enabled. This flaw allows an attacker to impersonate the legitimate server, causing the client to accept the attacker’s key, thus breaking the integrity of the SSH connection. Although this vulnerability was introduced in OpenSSH 6.8p1 in December 2014, it remained active until 2023, increasing the risk of exploitation, particularly for users of FreeBSD.

  2. CVE-2025-26466 (CVSS score: 5.9) is a pre-authentication denial-of-service (DoS) vulnerability that impacts both the OpenSSH client and server. Exploiting this flaw can cause significant resource consumption, specifically high memory and CPU usage, effectively leading to a service outage. This vulnerability was introduced in OpenSSH 9.5p1 in August 2023, and can be mitigated with certain server settings such as LoginGraceTime, MaxStartups, and PerSourcePenalties.

Both vulnerabilities have been patched in OpenSSH 9.9p2, which was released on February 28, 2025.
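The following is an added example, not code from the original post or from the OpenSSH project: read-only triage checks for the two CVEs above, which a defender would run on a fleet before and after the 9.9p2 upgrade. It assumes `ssh -V` reports a version like `OpenSSH_9.9p1, ...`, and that `ssh -G host` and `sshd -T` print one lowercase `keyword value` line per effective option; the sample outputs inside the script are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original post or OpenSSH): triage checks for CVE-2025-26465
# (client, VerifyHostKeyDNS) and CVE-2025-26466 (pre-auth DoS, mitigated by sshd limits).
# Assumes `ssh -V`, `ssh -G host` and `sshd -T` output in the formats described in the lead-in.

# 0 if "$1" ("9.9p2" or raw `ssh -V` text) is 9.9p2 or later, the release that fixes both CVEs.
openssh_is_patched() {
  v=${1#OpenSSH_}; v=${v%%,*}
  maj=${v%%.*}; rest=${v#*.}; min=${rest%%p*}
  case $rest in *p*) pl=${rest#*p} ;; *) pl=0 ;; esac
  [ "$maj" -gt 9 ] && return 0
  [ "$maj" -eq 9 ] && [ "$min" -gt 9 ] && return 0
  [ "$maj" -eq 9 ] && [ "$min" -eq 9 ] && [ "$pl" -ge 2 ] && return 0
  return 1
}

# 0 if the client options in "$1" (text of `ssh -G host`) have VerifyHostKeyDNS enabled
# (yes or ask); an unpatched client in that state is the CVE-2025-26465 MITM scenario.
client_exposed_to_26465() {
  printf '%s\n' "$1" | grep -Eqi '^verifyhostkeydns[[:space:]]+(yes|ask)[[:space:]]*$'
}

# Print the sshd settings named as CVE-2025-26466 mitigations that are missing or disabled in
# "$1" (text of `sshd -T`), one per line; prints nothing when all three are in effect.
server_missing_26466_mitigations() {
  for kw in logingracetime maxstartups persourcepenalties; do
    val=$(printf '%s\n' "$1" | awk -v k="$kw" 'tolower($1)==k {print $2; exit}')
    case "$kw=$val" in
      logingracetime=|logingracetime=0) echo "$kw" ;;          # 0 disables the grace timeout
      maxstartups=) echo "$kw" ;;
      persourcepenalties=|persourcepenalties=no) echo "$kw" ;; # keyword exists only in 9.8+; "no" assumed for disabled
    esac
  done
}

# Constructed sample outputs (not captured from a real host) so the checks run offline.
SAMPLE_SSH_G='hostname example
verifyhostkeydns yes'
SAMPLE_SSHD_T='port 22
logingracetime 0
persourcepenalties no'

demo() {
  openssh_is_patched "OpenSSH_9.5p1, OpenSSL 3.0.2" || echo "UPDATE: 9.5p1 predates the 9.9p2 fix"
  client_exposed_to_26465 "$SAMPLE_SSH_G" && echo "CVE-2025-26465: set 'VerifyHostKeyDNS no' in ssh_config"
  m=$(server_missing_26466_mitigations "$SAMPLE_SSHD_T")
  [ -n "$m" ] && echo "CVE-2025-26466: review sshd_config for:" $m
  return 0
}
demo
```

For a live host, pass `"$(ssh -V 2>&1)"`, `"$(ssh -G somehost)"` and `"$(sshd -T)"` to the three functions instead of the constructed samples; `sshd -T` needs read access to sshd_config.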

What Undercode Says:

The discovery of these two vulnerabilities highlights the importance of maintaining updated software to avoid leaving systems open to attack. The first vulnerability, CVE-2025-26465, is especially concerning because it can allow attackers to intercept SSH sessions undetected. Given the widespread use of SSH for securing remote access to servers, this vulnerability is a significant risk to any organization that relies on SSH for administrative tasks.

The fact that FreeBSD had enabled the VerifyHostKeyDNS feature by default between 2013 and 2023 further increases the risk. For nearly a decade, users of FreeBSD may have been unknowingly vulnerable to MITM attacks without any user interaction. While the patch is now available, the exposure during this time frame underscores the importance of regular software updates and system hardening practices.

On the other hand, the second vulnerability, CVE-2025-26466, may have less dramatic immediate effects, but it still poses a considerable risk. Denial-of-service attacks against SSH servers could lock administrators out of critical systems, especially if the attacker repeatedly exploits the flaw, preventing legitimate users from gaining access. This type of vulnerability could disrupt business operations, delay server maintenance, and impede the normal functioning of IT infrastructures.

It’s also worth noting that the release of OpenSSH 9.9p2 effectively addresses both vulnerabilities, making it essential for system administrators to upgrade to this version as soon as possible. This patch resolves the flaws and helps protect against potential exploitation, reinforcing the critical role of keeping systems up-to-date with the latest security patches.

In terms of broader security posture, the OpenSSH vulnerabilities emphasize the risks associated with relying on software that is commonly targeted due to its widespread use. SSH is often the gateway to critical systems, so any vulnerability in its implementation can serve as a potential entry point for attackers. Enterprises must ensure their SSH configurations are as secure as possible, even beyond patching vulnerabilities.

Moreover, the reference to the CVE-2024-6409 vulnerability, which was patched earlier in 2024, adds another layer of complexity to OpenSSH security. CVE-2024-6409 involved a race condition that could lead to remote code execution (RCE). While not directly related to the latest findings, it reinforces the ongoing need for proactive vulnerability management in this critical protocol.

Fact Checker Results:

  • CVE-2025-26465 has been actively exploitable since 2014, but remained undetected in many systems until the recent findings by Qualys.
  • CVE-2025-26466 may lead to service outages and operational disruption, posing a significant risk to remote system management.
  • The patch in OpenSSH 9.9p2 addresses both vulnerabilities, emphasizing the importance of timely updates.

References:

Reported By: https://securityaffairs.com/174384/security/openssh-vulnerabilities-mitm-dos.html