OpenSSH has released security updates addressing two vulnerabilities, a man-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago.
Qualys discovered both vulnerabilities and demonstrated their exploitability to OpenSSH’s maintainers.
OpenSSH (Open Secure Shell) is a free, open-source implementation of the SSH (Secure Shell) protocol, which provides encrypted communication for secure remote access, file transfers, and tunneling over untrusted networks.
It is one of the most widely used tools in the world, with high levels of adoption across Linux and Unix-based (BSD, macOS) systems found in enterprise environments, IT, DevOps, cloud computing, and cybersecurity applications.
The two vulnerabilities
The MiTM vulnerability, tracked under CVE-2025-26465, was introduced in December 2014 with the release of OpenSSH 6.8p1, so the issue remained undetected for over a decade.
The flaw affects OpenSSH clients when the ‘VerifyHostKeyDNS’ option is enabled, allowing threat actors to perform MitM attacks.
“The attack against the OpenSSH client (CVE-2025-26465) succeeds regardless of whether the VerifyHostKeyDNS option is set to “yes” or “ask” (its default is “no”), requires no user interaction, and does not depend on the existence of an SSHFP resource record (an SSH fingerprint) in DNS,” explains Qualys.
When enabled, due to improper error handling, an attacker can trick the client into accepting a rogue server’s key by forcing an out-of-memory error during verification.
By intercepting an SSH connection and presenting a large SSH key with excessive certificate extensions, the attacker can exhaust the client’s memory, bypass host verification, and hijack the session to steal credentials, inject commands, and exfiltrate data.
Although the ‘VerifyHostKeyDNS’ option is disabled by default in OpenSSH, it was enabled by default on FreeBSD from 2013 until 2023, leaving many systems exposed to these attacks.
The second vulnerability is CVE-2025-26466, a pre-authentication denial of service flaw introduced in OpenSSH 9.5p1, released in August 2023.
The issue arises from an unrestricted memory allocation during the key exchange, leading to uncontrolled resource consumption.
An attacker can repeatedly send small 16-byte ping messages, which forces OpenSSH to buffer 256-byte responses without immediate limits.
During the key exchange, these responses are stored indefinitely, leading to excessive memory consumption and CPU overload, potentially causing system crashes.
The repercussions of exploitation of CVE-2025-26466 may not be as severe as the first flaw, but the fact that it’s exploitable before authentication maintains a very high risk for disruption.
Security updates released
The OpenSSH team published version 9.9p2 earlier today, which addresses both vulnerabilities, so everyone is recommended to move to that release as soon as possible.
Additionally, it is recommended to disable VerifyHostKeyDNS unless absolutely necessary and rely on manual key fingerprint verification to ensure secure SSH connections.
Regarding the DoS problem, administrators are encouraged to enforce strict connection rate limits and monitor SSH traffic for abnormal patterns to stop potential attacks early.
More technical details about the two flaws are available by Qualys here.
