Articles with #OpenSSHVulnerability


#CyberSecurityAlert #OpenSSHVulnerability #QualysTRU #CVE2025 #ActiveMachineInTheMiddle #PreAuthDenialOfService #SystemAdministratorNotice #PatchNowOrPayLater #StayOneStepAhead #SecurityThreatsLurkingInPlainSight #ProtectYourSystems #VulnerabilityDisclosure #QualysCompliance #SSHSecurityHardening


Summary

OpenSSH users are advised to take immediate action due to two newly identified vulnerabilities, CVE-2025-26465 and CVE-2025-26466. The first vulnerability allows for a machine-in-the-middle attack on clients with VerifyHostKeyDNS enabled, compromising the security of the connection.

This can have severe consequences, including unauthorized access to sensitive information.

The second vulnerability affects both the OpenSSH client and server, enabling pre-authentication denial-of-service attacks. These types of attacks can cause significant disruption to systems and networks, making it essential to address this issue promptly.

System administrators are urged to review their current configuration and take necessary steps to patch these vulnerabilities as soon as possible.

This may involve disabling the VerifyHostKeyDNS option or exploring alternative protocols that offer better security.

The Qualys Threat Research Unit (TRU) has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the ...
