Memory Consumption Vulnerability in OpenSSH by Red Hat
CVE-2025-26466

5.9 MEDIUM

Key Information:

Vendor: OpenBSD
CVE Published: 28 February 2025

Badges

Exploit Exists, Public PoC, EPSS 14%, News Worthy

Summary

A flaw exists in the OpenSSH package which allows attackers to exploit the server's memory management. When the SSH server receives a ping packet, it allocates a corresponding pong packet in a memory buffer and keeps it in a queue until the key exchange process is complete. A malicious client can abuse this by continuously sending ping packets, resulting in excessive memory consumption on the server, potentially leading to service unavailability and a denial of service attack.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

News Articles

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions.

OpenSSH flaws could enable man-in-the-middle attacks, denial of service

If the VerifyHostKeyDNS option is activated, an attacker could impersonate a server to hijack SSH sessions.

Proof-of-Concept Exploits Published for 2 New OpenSSH Bugs

Millions of servers are at risk from vulnerabilities in OpenSSH, a widely used, open source remote server management and file transfer tool. The flaws pose

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Public PoC available

  • Exploit known to exist

  • First article discovered by The Register

  • Vulnerability Reserved