OpenSSH Vulnerability Allows Man-in-the-Middle Attack via Host Key Verification Flaw
CVE-2025-26465

CVSS score: 6.8 (MEDIUM)

Key Information:

Badges: 🔥 Trending now · 📈 Trended (score: 5,280) · 👾 Exploit exists · 🟡 Public PoC · 📰 News worthy

What is CVE-2025-26465?

CVE-2025-26465 is a noteworthy vulnerability in OpenSSH, a widely used tool for secure remote communication. It affects the SSH client when the VerifyHostKeyDNS client option is enabled, exposing organizations to potential man-in-the-middle (MitM) attacks. In this scenario, an attacker can impersonate a legitimate server, compromising the security of the data exchanged and potentially leading to unauthorized access or data breaches. Organizations relying on OpenSSH for secure communications must address this vulnerability to safeguard their sensitive information.

Technical Details

The vulnerability stems from the mishandling of error codes under specific conditions while the client verifies a server's host key. To exploit it, an attacker positioned as a MitM must first exhaust the client's memory resources so that the mishandled error path is reached; this precondition is what significantly raises the difficulty of the attack (reflected in the CVSS Attack Complexity rating of High). The flaw highlights the complexities involved in maintaining the integrity of server connections and the necessity of securing DNS-based host verification mechanisms.
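Since the precondition for this flaw is an enabled VerifyHostKeyDNS client option, a defender's first step is to find where it is set. The following audit script is an added example, not code from the advisory or the OpenSSH project; it parses ssh_config-style text, tracks Host/Match blocks, and reports every block whose VerifyHostKeyDNS value is not "no". The sample configuration is constructed, and treating any value other than "no" as "enabled" is an assumption based on the wording above.

```python
"""Audit OpenSSH client configuration for VerifyHostKeyDNS (added example)."""
import re
from typing import Dict, List

# Constructed sample ssh_config used for demonstration only.
SAMPLE_CONFIG = """\
# global defaults
VerifyHostKeyDNS ask

Host bastion.example.test
    HostName 192.0.2.10
    VerifyHostKeyDNS yes

Host *.internal.example.test
    VerifyHostKeyDNS no

Host legacy
    verifyhostkeydns=yes
"""

# ssh_config keywords are case-insensitive; the argument may follow
# whitespace or an '=' sign.
_DIRECTIVE = re.compile(r"^(\w+)\s*(?:=|\s)\s*(.+)$")


def parse_verify_host_key_dns(config_text: str) -> Dict[str, str]:
    """Return {host_pattern: value} for every VerifyHostKeyDNS directive.

    Directives before the first Host/Match line apply globally and are
    recorded under the pattern '*'. Later blocks are recorded under the
    Host pattern or Match criteria string that introduces them.
    """
    result: Dict[str, str] = {}
    current = "*"
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            current = value
        elif key == "verifyhostkeydns":
            result[current] = value.lower()
    return result


def enabled_blocks(config_text: str) -> List[str]:
    """Host patterns where VerifyHostKeyDNS is anything other than 'no'
    (assumption: every such value counts as 'enabled' per the advisory)."""
    return [h for h, v in parse_verify_host_key_dns(config_text).items() if v != "no"]
```

The same parser accepts the output of `ssh -G <host>`, which prints the effective client settings in the same keyword-value form, so it can confirm what a given connection will actually use.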

Potential impact of CVE-2025-26465

  1. Data Compromise: Successful exploitation can lead to unauthorized access to sensitive communications, risking the exposure of confidential information exchanged over SSH connections.

  2. System Integrity Risks: Attackers gaining control through impersonation can alter systems or deploy malicious software, undermining the integrity of the affected machines.

  3. Resource Exhaustion: The approach of exhausting the client’s memory resources not only impacts system performance but can also create additional avenues for adversaries to disrupt normal operations or conduct further attacks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to use in ransomware operations.

News Articles

  • OpenSSH flaws could enable man-in-the-middle attacks, denial of service (2 days ago)

    If the VerifyHostKeyDNS option is activated, an attacker could impersonate a server to hijack SSH sessions.

  • Proof-of-Concept Exploits Published for 2 New OpenSSH Bugs (2 days ago)

    Millions of servers are at risk from vulnerabilities in OpenSSH, a widely used, open source remote server management and file transfer tool. The flaws pose

  • Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks (3 days ago)

    2 critical OpenSSH vulnerabilities found! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and DoS.

CVSS v3.1

  • Score: 6.8
  • Severity: MEDIUM
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • 📈 Vulnerability started trending
  • 📰 First article discovered by Qualys Security Blog
  • Vulnerability published
  • Vulnerability reserved
