- Qualys reveals two bugs in OpenSSH
- The flaws could be used in machine-in-the-middle and denial-of-service attacks
- Patches are available, as well as some mitigations
OpenSSH carried two vulnerabilities that enabled machine-in-the-middle (MITM) and denial-of-service (DoS) attacks, experts have warned.
Cybersecurity researchers from the Qualys Threat Research Unit (TRU), who discovered the flaws and helped fix them, noted that they found two vulnerabilities, one tracked as CVE-2025-26465 and the other as CVE-2025-26466.
The former allows an active MITM attack on the OpenSSH client when the VerifyHostKeyDNS setting is enabled, while the latter affects both the OpenSSH client and the server and enables DoS attacks before authentication.
Millions of victims
For the MITM attack to succeed, the VerifyHostKeyDNS setting must be set to either “yes” or “ask”, Qualys said, emphasizing that the default setting is “no.” The attack requires no user interaction and does not depend on the existence of an SSHFP resource record in DNS. The flaw has been present in OpenSSH since December 2014, when it was introduced shortly before the release of OpenSSH 6.8p1.
“If an attacker can perform a man-in-the-middle attack via CVE-2025-26465, the client may accept the attacker’s key instead of the legitimate server key,” the blog reads. “If compromised, hackers could see or manipulate sensitive data, move across multiple critical servers laterally and exfiltrate valuable information such as database credentials.”
The second flaw was introduced in August 2023, Qualys added, shortly before the release of OpenSSH 9.5p1. If threat actors can repeatedly exploit it, they can cause prolonged outages or prevent administrators from managing servers, it was said.
The flaw can be mitigated on the server side by using existing mechanisms in OpenSSH, such as LoginGraceTime, MaxStartups and PerSourcePenalties.
Regardless of potential mitigations, Qualys encourages all users to upgrade to OpenSSH 9.9p2, as this version addresses both vulnerabilities. “To ensure continued security, we strongly advise upgrading affected systems to 9.9p2 as soon as possible,” the researchers said.
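A quick way to check hosts against the settings named above, as an added example that is not from Qualys or the OpenSSH project. It assumes input in the lowercase "keyword value" form printed by `ssh -G <host>` and `sshd -T`; the sample text and function names are constructed for illustration.

```python
# Constructed sample input, shaped like `ssh -G <host>` / `sshd -T` output
# (one lowercase "keyword value" pair per line). Not captured from a real host.
SAMPLE_CLIENT = """\
hostname bastion.example.org
verifyhostkeydns ask
"""
SAMPLE_SERVER = """\
logingracetime 0
maxstartups 10:30:100
persourcepenalties no
"""


def parse_effective(text):
    """Return {keyword: value}; the first occurrence wins, as in OpenSSH."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), value.strip())
    return settings


def audit_client(text):
    """CVE-2025-26465 precondition: VerifyHostKeyDNS set to yes or ask."""
    value = parse_effective(text).get("verifyhostkeydns", "no").lower()
    if value in ("yes", "ask"):
        return [f"verifyhostkeydns={value}: set to 'no' until upgraded to 9.9p2"]
    return []


def audit_server(text):
    """Report server-side limits that are switched off (CVE-2025-26466 mitigations)."""
    cfg = parse_effective(text)
    findings = []
    if cfg.get("logingracetime") == "0":
        findings.append("logingracetime=0: no time limit on unauthenticated connections")
    if cfg.get("persourcepenalties", "").lower() == "no":
        findings.append("persourcepenalties=no: per-source penalties disabled")
    if "maxstartups" not in cfg:
        findings.append("maxstartups not reported: check unauthenticated connection cap")
    return findings


if __name__ == "__main__":
    for finding in audit_client(SAMPLE_CLIENT) + audit_server(SAMPLE_SERVER):
        print(finding)
```

The checks only report settings that are switched off or missing; they do not replace upgrading to 9.9p2.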
OpenSSH (Open Secure Shell) is a suite of open-source tools that provide encrypted communication, secure remote login and file transfers over an unsecured network using the SSH protocol.