Technology

OpenSSH vulnerabilities could pose huge threat to businesses everywhere

February 18, 2025

Qualys uncovers two bugs in OpenSSH
The flaws could be used in Machine-in-the-Middle and Denial-of-Service attacks
Patches are available, as well as some mitigations

OpenSSH carried two vulnerabilities that were enabling machine-in-the-middle (MitM) attacks and denial-of-service (DoS) attacks, experts have warned.

Cybersecurity researchers from the Qualys Threat Research Unit (TRU), who discovered the flaws and helped patch things up, noted they spotted two vulnerabilities, one tracked as CVE-2025-26465, and another tracked as CVE-2025-26466.

The former allows an active MitM attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled, while the latter affects both the OpenSSH client and server, and enables pre-authentication DoS attacks.

Millions of victims

For the MitM attack to succeed, the VerifyHostKeyDNS option needs to be set to either “yes”, or “ask”, Qualys said, stressing that the default option is “no.” The attack requires no user interaction, and does not depend on the existence of an SSHFP resource record in DNS. This flaw was present in OpenSSH since December 2014, it was added, just before the release of OpenSSH 6.8p1.

“If an attacker can perform a man-in-the-middle attack via CVE-2025-26465, the client may accept the attacker’s key instead of the legitimate server’s key,” the blog reads. “If compromised, hackers could view or manipulate sensitive data, move across multiple critical servers laterally, and exfiltrate valuable information such as database credentials.”

The second flaw was introduced in August 2023, Qualys added, shortly before the release of OpenSSH 9.5p1. If threat actors can repeatedly exploit it, they may cause prolonged outages or prevent admins from managing servers, it was said.

The bug can be mitigated on the server side by leveraging existing mechanisms in OpenSSH such as LoginGraceTime, MaxStartups, and PerSourcePenalties.

Regardless of potential mitigations, Qualys urges all users to upgrade to OpenSSH 9.9p2, since this version addresses both vulnerabilities. “To ensure continued security, we strongly advise upgrading affected systems to 9.9p2 as soon as possible,” the researchers said.

OpenSSH (Open Secure Shell) is a suite of open source tools that provide encrypted communication, secure remote login, and file transfers over an unsecured network using the SSH protocol.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar