OpenSSH safe networking utility suits have discovered two security weaknesses, which are successfully exploited, an active machine-in-a-MITM (MITM) and a refusal-off-service (DOS) attack, as a result of the attack, Respectively, conditions under certainly some.
Detailed by Qualis Threat Research Unit (Tru), weaknesses are listed below –
- Cve-2025-26465 – OpenSSH client has a logic error between version 6.8p1 to 9.9p1 (inclusive), which makes it unsafe for an active MITM attack. If verifiedhostidNS option is capable, then apply a valid server to a malicious interleper to a valid server Allows when a customer tries to connect. This (introduced in December 2014)
- Cve-2025-26466 – OpenSSH client and server are unsafe between 9.5p1 to 9.9p1 (inclusive) for a pre-pronunciation DOS attack that causes memory and CPU consumption (introduced in August 2023)
“If an attacker can attack a man-in-a-middle attack via CVE-2025-26465, the client can accept the key to the attacker rather than the key to the legitimate server,” Saeed, the manager of the product in Qualis True Abbasi said.
“It will break the integrity of SSH connection, enable potential interception or also tamper with the session before the user is realized.”
In other words, a successful exploitation may allow malicious actors to compromise SSH sessions and get unauthorized access to abducting and sensitive data. It is worth noting that verifyhostkeydns option is disabled by default.
On the other hand, frequent exploitation of CVE-2025-26466 can result in issues of availability, can prevent administrators from server management and exclude legitimate users, effectively cripping regular operations Is.
The two weaknesses are addressed in Openshash 9.9P2 today, released in OpenShis.
This revelation comes after more than seven months when Qualis highlights another Openshash Floe Dubbed Regression (CVE-2024-6387), resulting in an informal remote code execution with root privileges in the GLIBC-based Linux system.
