OpenSSH Vulnerabilities: MitM & DoS

The Qualys Threat Research Unit (TRU) has uncovered two high-severity vulnerabilities in OpenSSH, the widely used suite for secure network communication.

Tracked as CVE-2025-26465 and CVE-2025-26466, these flaws enable machine-in-the-middle (MitM) attacks against clients and pre-authentication denial-of-service (DoS) exploits targeting both clients and servers.

With OpenSSH integral to enterprise infrastructure, these vulnerabilities pose significant risks to data integrity, system availability, and regulatory compliance.

CVE-2025-26465: Machine-in-the-Middle Attack

This vulnerability impacts OpenSSH clients running versions 6.8p1 through 9.9p1 and arises when the VerifyHostKeyDNS option is enabled.

Though disabled by default, this setting was historically activated in FreeBSD and other configurations, expanding the attack surface. Attackers exploiting this flaw can impersonate legitimate servers by bypassing host key verification, even when DNS SSHFP records are absent.

The attack requires no user interaction, enabling silent interception of SSH sessions. This compromises confidentiality and allows adversaries to steal credentials, manipulate data, or pivot to internal systems.

Qualys emphasizes that the flaw’s 11-year presence (introduced in December 2014) underscores the need for rigorous configuration audits.

CVE-2025-26466: Pre-Authentication DoS Exploit

Affecting OpenSSH versions 9.5p1 through 9.9p1, this vulnerability permits attackers to exhaust server resources via asymmetric CPU/memory consumption. By flooding unauthenticated sessions with SSH2_MSG_PING packets, adversaries can cripple systems, locking administrators out of critical infrastructure.

While server-side mitigations like LoginGraceTime and PerSourcePenalties exist, client-side protections remain unavailable, necessitating immediate patching.

Mitigations

  • Upgrade to OpenSSH 9.9p2, which resolves both vulnerabilities[8].
  • Disable VerifyHostKeyDNS if enabled and enforce strict host key verification via known_hosts files.
  • Configure server defenses: Reduce LoginGraceTime, limit concurrent connections via MaxStartups, and apply PerSourcePenalties to throttle abusive IPs.
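As an added example (not Qualys' or the OpenSSH project's code), the following audit parses ssh_config / sshd_config text and flags the settings the mitigations above name; the sample configs are constructed, and the 60-second LoginGraceTime threshold is this example's own choice.

```python
import re

# OpenSSH config lines are "Keyword value" or "Keyword=value", keyword
# case-insensitive, '#' starts a comment, first occurrence wins. This
# simplified parser ignores Host/Match block scoping.
def parse_ssh_config(text):
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^(\S+?)(?:\s*=\s*|\s+)(.+)$", line) if line else None
        if m:
            settings.setdefault(m.group(1).lower(), m.group(2).strip())
    return settings

# sshd time format: "120", "2m", "1h30m" -> seconds
def parse_seconds(value):
    units = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
    return sum(int(n) * units[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))

def audit_client(settings):
    findings = []
    if settings.get("verifyhostkeydns", "no").lower() != "no":        # default is no
        findings.append("VerifyHostKeyDNS enabled: disable it (CVE-2025-26465)")
    if settings.get("stricthostkeychecking", "ask").lower() != "yes":  # default is ask
        findings.append("StrictHostKeyChecking not 'yes': enforce known_hosts verification")
    return findings

def audit_server(settings):
    findings = []
    grace = parse_seconds(settings.get("logingracetime", "120"))       # default 120s
    if grace > 60:  # threshold chosen for this example
        findings.append(f"LoginGraceTime is {grace}s: reduce it")
    if "maxstartups" not in settings:
        findings.append("MaxStartups not set: default 10:30:100 applies; consider tightening")
    if settings.get("persourcepenalties", "yes").lower() == "no":      # on by default in 9.8+
        findings.append("PerSourcePenalties disabled: re-enable it")
    return findings

# Constructed sample configs: weak setting beside the corrected one.
WEAK_CLIENT = "Host *\n    VerifyHostKeyDNS yes\n    StrictHostKeyChecking ask\n"
HARDENED_CLIENT = "Host *\n    VerifyHostKeyDNS no\n    StrictHostKeyChecking yes\n"
WEAK_SERVER = "LoginGraceTime 2m  # default\nPerSourcePenalties no\n"
HARDENED_SERVER = "LoginGraceTime 30\nMaxStartups 10:30:60\nPerSourcePenalties yes\n"

if __name__ == "__main__":
    for name, text, audit in [("client", WEAK_CLIENT, audit_client),
                              ("server", WEAK_SERVER, audit_server)]:
        for f in audit(parse_ssh_config(text)):
            print(f"[{name}] {f}")
```

In practice, feed it the contents of /etc/ssh/ssh_config and /etc/ssh/sshd_config (and any included drop-in files).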

The MitM vulnerability undermines SSH’s foundational promise of secure communication, enabling stealthy breaches that evade traditional monitoring. For enterprises, this risks non-compliance with GDPR, HIPAA, and PCI-DSS due to potential data exfiltration.

The DoS vulnerability disrupts business operations by making SSH unavailable, an outcome ransomware groups aiming to cause operational outages actively seek. What makes CVE-2025-26466 particularly dangerous is that it is triggered before authentication, so attackers need no stolen credentials to exploit it, which makes the attack far easier to carry out.

As Qualys notes, OpenSSH’s role in global infrastructure demands unwavering vigilance. Organizations failing to act risk severe financial, legal, and reputational fallout from preventable breaches.

Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.