Overview

Two critical vulnerabilities are affecting OpenSSH. Exploitation of these vulnerabilities may allow an unauthenticated attacker to cause a denial-of-service condition.

Description

OpenSSH versions 6.8p1 to 9.9p1 are affected by vulnerabilities tracked as CVE-2025-26465, and CVE-2025-26466 with CVSS scores of 9.8 and 9.1. The vulnerabilities results from a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled, and a memory/CPU handling SSH2_MSG_PING packets. The vulnerabilities allow attackers to achieve man-in-the-middle (MitM) and a denial-of-service condition on affected system.

Impact

Successful exploitation of these vulnerabilities may allow the attackers to take control of affected system.

Solution

OpenSSH has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References

• 1. https://www.openssh.com/txt/release-9.9p2
• 2. https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
• 3. https://www.bleepingcomputer.com/news/security/new-openssh-flaws-expose-ssh-servers-to-mitm-and-dos-attacks/