- Qualys discovers two flaws in OpenSSH
- The flaws could be used in machine-in-the-middle and denial-of-service attacks
- Patches are available, as well as some mitigations
OpenSSH carried two vulnerabilities that allowed machine-in-the-middle (MitM) attacks and denial-of-service (DoS) attacks, experts warned.
Cybersecurity researchers from the Qualys Threat Research Unit (TRU), who discovered the flaws and helped fix them, said they found two vulnerabilities, one tracked as CVE-2025-26465 and the other as CVE-2025-26466.
The first allows an active MitM attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled, while the second affects both the OpenSSH client and server and enables a pre-authentication DoS attack.
Millions of victims
For the MitM attack to succeed, the VerifyHostKeyDNS option must be set to “yes” or “ask,” Qualys said, stressing that the default is “no”. The attack requires no user interaction and does not depend on the existence of an SSHFP resource record in DNS. The flaw has been present in OpenSSH since December 2014, it added, just before the release of OpenSSH 6.8p1.
“If an attacker can perform a man-in-the-middle attack through CVE-2025-26465, the client can accept the attacker's key instead of the legitimate server key,” says the blog. “If compromised, hackers could see or manipulate confidential data, move laterally through multiple critical servers and exfiltrate valuable information, such as database credentials.”
The second flaw was introduced in August 2023, Qualys added, shortly before the release of OpenSSH 9.5p1. If threat actors can exploit it repeatedly, they can cause prolonged outages or prevent administrators from managing servers, it said.
The flaw can be mitigated on the server side using existing OpenSSH mechanisms such as LoginGraceTime, MaxStartups and PerSourcePenalties.
Regardless of the possible mitigations, Qualys urges all users to update to OpenSSH 9.9p2, since this version addresses both vulnerabilities. “To guarantee continuous security, we strongly advise updating affected systems to 9.9p2 as soon as possible,” said the researchers.
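As an added illustration (not code from Qualys or the OpenSSH project), the sketch below checks a host against the conditions described above: the version window for each CVE, a client `VerifyHostKeyDNS` value of "yes" or "ask", and which of the three named server directives are explicitly set. The function names and sample input are constructed, and it assumes upstream version numbering, so a distribution package carrying a backported fix would still be flagged.

```python
import re

FIXED = (9, 9, 2)       # 9.9p2 addresses both CVEs (per the article)
MITM_FROM = (6, 8, 0)   # CVE-2025-26465 predates 6.8p1 (per the article)
DOS_FROM = (9, 5, 0)    # CVE-2025-26466 predates 9.5p1 (per the article)
MITIGATIONS = ("LoginGraceTime", "MaxStartups", "PerSourcePenalties")

def parse_version(banner):
    """Turn an 'ssh -V' style banner such as 'OpenSSH_9.6p1' into (9, 6, 1)."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError(f"no OpenSSH version found in {banner!r}")
    return tuple(int(g or 0) for g in m.groups())

def directives(config_text):
    """Yield (lowercased keyword, value) for every active config line."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Both 'Keyword value' and 'Keyword=value' are accepted syntax.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            yield parts[0].lower(), parts[1].strip().strip('"')

def audit(banner, ssh_config="", sshd_config=""):
    """Map each applicable CVE to the configuration detail that matters."""
    version, report = parse_version(banner), {}
    if MITM_FROM <= version < FIXED:
        # Any Host/Match block counts: one risky block is enough to flag.
        risky = sorted({v.lower() for k, v in directives(ssh_config)
                        if k == "verifyhostkeydns" and v.lower() in ("yes", "ask")})
        if risky:
            report["CVE-2025-26465"] = risky
    if DOS_FROM <= version < FIXED:
        present = {k for k, _ in directives(sshd_config)}
        # Presence only: the article gives no recommended values.
        report["CVE-2025-26466"] = [m for m in MITIGATIONS
                                    if m.lower() not in present]
    return report

if __name__ == "__main__":
    # Constructed sample input, not taken from a real host.
    client = "Host *\n    VerifyHostKeyDNS ask\n"
    server = "LoginGraceTime 30\n#MaxStartups 10:30:100\n"
    print(audit("OpenSSH_9.6p1", client, server))
```

For CVE-2025-26466 the reported list names the mitigation directives that are not explicitly set in the supplied sshd_config; an empty list means all three are present, not that the host is patched.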
OpenSSH (Open Secure Shell) is a suite of open source tools that provide encrypted communication, secure remote login and file transfers over an insecure network using the SSH protocol.