News Security

OpenSSH Vulnerabilities: CVE-2025-26465 and CVE-2025-26466

by Corentin C | Leave a comment

openssh

A recent security advisory from Qualys has uncovered two vulnerabilities in OpenSSH that could put users at risk:

  • CVE-2025-26465: A machine-in-the-middle (MitM) attack targeting the OpenSSH client when the VerifyHostKeyDNS option is enabled.
  • CVE-2025-26466: A denial-of-service (DoS) attack that affects both OpenSSH clients and servers, leading to excessive memory and CPU consumption.

CVE-2025-26465: MitM Attack on OpenSSH Client

If the VerifyHostKeyDNS option is enabled in OpenSSH, an attacker positioned between the client and server can impersonate the SSH server, bypassing identity verification checks. This means that a user could unknowingly connect to a malicious server, potentially exposing sensitive information.

  • This option is disabled by default, but some operating systems (such as FreeBSD) had it enabled by default in the past.
  • The vulnerability has existed since December 2014 (OpenSSH 6.8p1).

Recommended Action:

  • Ensure VerifyHostKeyDNS is set to no in your SSH configuration unless absolutely necessary.
  • Use additional host key verification methods, such as manually verifying fingerprints.

CVE-2025-26466: DoS Attack Against OpenSSH

A second vulnerability allows an attacker to overload OpenSSH clients and servers by consuming excessive memory and CPU resources before authentication.

  • Introduced in August 2023 (OpenSSH 9.5p1).
  • Can be mitigated on the server side using existing OpenSSH settings:
    • LoginGraceTime: Limits the time allowed for authentication.
    • MaxStartups: Restricts the number of concurrent unauthenticated connections.
    • PerSourcePenalties (OpenSSH 9.8p1+): Reduces the impact of repeated attacks from the same source.

Recommended Action:

  • Configure LoginGraceTime and MaxStartups in your sshd_config.
  • Upgrade to OpenSSH 9.8p1 or later and enable PerSourcePenalties to mitigate attack risks.

Conclusion

These vulnerabilities highlight the importance of securing SSH configurations. While VerifyHostKeyDNS is not enabled by default, users should verify their settings. Likewise, implementing OpenSSH’s built-in security measures can help defend against DoS attacks. Keeping OpenSSH up to date is the best way to stay protected.

For more details, refer to the official OpenSSH documentation:

More in depth analysis is also available here: https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt

Stay Updated with ToolsLib! 🚀
Join our community to receive the latest cybersecurity tips, software updates, and exclusive insights straight to your inbox!

Tagged

You might also like

Microsoft Majorana 1

Microsoft Unveils Majorana 1: A Quantum Leap in Computing

Microsoft has unveiled the Majorana 1 chip, a groundbreaking quantum chip that utilizes a new Topological Core architecture. This innovation aims to enable quantum computers capable of solving significant industrial challenges in years rather than decades, leveraging topoconductors to produce stable and scalable qubits. With a vision to reach a million qubits, Microsoft is set to revolutionize industries from healthcare to materials science.

Read more »

Apple iPhone 16e

The iPhone 16e: Apple’s New Affordable Alternative

Apple has unveiled the iPhone 16e, an affordable alternative to its flagship models. With a modern design, a 6.1-inch OLED display, the A18 chip, and a 48 MP camera, it offers high-end features at a lower price. Starting at $599, the iPhone 16e is perfect for those seeking a powerful yet budget-friendly iPhone.

Read more »

X Logo Twitter

X Blocks Users from Posting Signal.me Links

X has started blocking Signal.me links, preventing users from sharing secure messaging connections. This move impacts journalists and privacy-conscious individuals who rely on Signal for encrypted communication. Find out why it’s happening and what alternatives exist.

Read more »

Apple Security

Apple Releases Security Fixes in iOS 18.3.1 and iPadOS 18.3.1

Apple’s latest iOS 18.3.1 and iPadOS 18.3.1 updates fix a critical security flaw that could allow attackers to bypass USB Restricted Mode on locked devices. This vulnerability (CVE-2025-24200) has been exploited in targeted attacks. Learn why this update matters and how to secure your device.

Read more »

valve piratefi

PirateFi Malware Incident: A Warning to Steam Gamers

Valve has warned Steam users about PirateFi, a recently released game that was found to contain malware. The malicious files aimed to steal browser cookies, leading to account hijacking. Learn what happened and how to stay safe. Valve has recently issued a security alert to Steam users regarding a newly released game, PirateFi, which was found to contain malware. This alarming discovery has raised concerns among gamers, emphasizing the importance of vigilance when downloading and launching games from digital platforms.

Read more »

Microsoft Deepseek R1

DeepSeek R1: Microsoft’s Strategic Move in AI Beyond OpenAI

Microsoft has added DeepSeek R1 to its Azure AI Foundry, offering a cost-effective and high-performance AI model. With local execution support on Copilot+ PCs and growing security concerns, this move signals Microsoft's shift towards AI diversification beyond OpenAI.

Read more »

FLAC logo

FLAC 1.5.0 Released: Multithreaded Encoding & More!

FLAC 1.5.0 brings multithreaded encoding, improved metadata handling, and enhanced decoding for chained Ogg FLAC files. Discover the latest improvements and get the update now! 🚀

Read more »

Cloudflare R2

Recent Cloudflare R2 Outage

On February 6, 2025, Cloudflare R2 suffered a major outage for 59 minutes due to human error, impacting services like Stream, Images, and Cache Reserve. The incident was caused by an unintended shutdown of the R2 Gateway service during an abuse report remediation. Cloudflare has since implemented new safeguards to prevent similar disruptions. Read more about the incident and its aftermath.

Read more »

Qwen AI from Alibaba

Alibaba’s Qwen 2.5: A Quiet Yet Promising Launch

Alibaba’s Qwen 2.5 AI models have launched with strong capabilities, but the unveiling was much quieter than DeepSeek V3’s. With impressive results in video analysis and math, Qwen 2.5 signals Alibaba’s growing presence in the AI race.

Read more »

French Senate Votes on Law Raising Privacy and Encryption Concerns

The French Senate has approved a law that expands surveillance powers, sparking debates on privacy and encryption. The bill allows authorities broader access to encrypted communications, raising concerns among security experts and privacy advocates. Proton has warned that such measures could undermine end-to-end encryption and create security vulnerabilities.

Read more »

Apple Security

Apple Faces UK Government Demand for Encrypted iCloud Backdoor

Apple is facing pressure from the UK government to create a backdoor for encrypted iCloud backups under the Investigatory Powers Act. If implemented, this could compromise global user privacy and set a dangerous precedent for digital security.

Read more »

FMRS Furtivex Malware Removal Script

Welcoming Furtivex Malware Removal Script to ToolsLib!

We’re excited to welcome Furtivex Malware Removal Script to ToolsLib! This free, portable malware scanner provides aggressive threat removal, system integrity checks, and comprehensive logging. Download it today and boost your security!

Read more »

To top

Table of Contents

Index
×