CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-26465: Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled

Description

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Classification

CVE ID: CVE-2025-26465

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 11.5% (probability of being exploited)

EPSS Percentile: 92.7% (scored less or equal to compared to others)

EPSS Date: 2025-03-19 (when was this score calculated)

References

https://access.redhat.com/security/cve/CVE-2025-26465
https://bugzilla.redhat.com/show_bug.cgi?id=2344780

Timeline

2025-02-18 11:15:43 UTC
CyberInsider

OpenSSH Vulnerabilities Exposed Millions to Multi-Year Risks
2025-02-18 17:15:17 UTC
TheHackerNews

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
2025-02-18 17:45:40 UTC
Tenable Plugins

Debian dsa-5868 : openssh-client - security update
2025-02-18 17:45:54 UTC
Tenable Plugins

Debian dla-4057 : openssh-client - security update
2025-02-19 00:31:39 UTC
CVE

Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
2025-02-21 04:30:34 UTC
Full Disclosure Mailinglist

MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client
2025-02-25 10:15:46 UTC
Tenable Plugins

SUSE SLES12 Security Update : openssh (SUSE-SU-2025:0659-1)
2025-02-27 11:00:28 UTC
Tenable Plugins

CBL Mariner 2.0 Security Update: openssh (CVE-2025-26465)
2025-02-27 11:00:28 UTC
Tenable Plugins

Azure Linux 3.0 Security Update: openssh (CVE-2025-26465)