PT-2025-7168 · Openssh +11 · Openssh +11

Published

2025-02-17

·

Updated

2025-09-03

·

CVE-2025-26465

Report an issue
CVSS v2.0
7.1
VectorAV:N/AC:H/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions:

OpenSSH versions 6.8p1 through 9.9p1

Description:

A machine-in-the-middle attack vulnerability exists in OpenSSH when the `VerifyHostKeyDNS` option is enabled. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. The vulnerability allows a malicious machine to impersonate a legitimate server, potentially compromising the connection's integrity.

Recommendations:

For OpenSSH versions 6.8p1 through 9.9p1, update to version 9.9p2 or later to fix the vulnerability. As a temporary workaround, consider disabling the `VerifyHostKeyDNS` option until a patch is available. Restrict access to the SSH client to minimize the risk of exploitation. Avoid using the `VerifyHostKeyDNS` feature in the affected API endpoint until the issue is resolved.

Exploit

Fix

DoS

Weakness Enumeration

CWE-390

Related Identifiers

ALSA-2025:6993
ALT-PU-2025-3003
ALT-PU-2025-3009
ALT-PU-2025-3011
ALT-PU-2025-3015
ALT-PU-2025-3193
ALT-PU-2025-3292
ALT-PU-2025-3298
ALT-PU-2025-3300
BDU:2025-01959
CVE-2025-26465
DLA-4057-1
DSA-5868-1
FREEBSD-SA-25_05
INFSA-2025_6993
MGASA-2025-0080
OPENSUSE-SU-2025:14820-1
OPENSUSE-SU-2025_0585-1
OPENSUSE-SU-2025_0605-1
RHSA-2025:3837
RHSA-2025:6993
RHSA-2025_6993
SUSE-SU-2025:0585-1
SUSE-SU-2025:0605-1
SUSE-SU-2025:0659-1
SUSE-SU-2025:0744-1
SUSE-SU-2025_0585-1
SUSE-SU-2025_0605-1
SUSE-SU-2025_0659-1
SUSE-SU-2025_0744-1
USN-7270-1
USN-7270-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Freebsd
Ibm Aix
Linuxmint
Apple Macos
Openssh
Red Hat
Red Os
Suse
Ubuntu