CVE-2025-26465
- Source
- https://cve.org/CVERecord?id=CVE-2025-26465
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-26465.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-26465
- Downstream
- Related
- Published
- 2025-02-18T19:15:29.230Z
- Modified
- 2026-03-15T15:22:18.739520Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
- References
-
- https://access.redhat.com/solutions/7109879
- http://seclists.org/fulldisclosure/2025/May/7
- http://seclists.org/fulldisclosure/2025/Feb/18
- https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
- http://seclists.org/fulldisclosure/2025/May/8
- https://access.redhat.com/errata/RHSA-2025:3837
- https://seclists.org/oss-sec/2025/q1/144
- https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
- https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html
- https://security.netapp.com/advisory/ntap-20250228-0003/
- https://www.openwall.com/lists/oss-security/2025/02/18/4
- https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh
- https://access.redhat.com/errata/RHSA-2025:6993
- https://access.redhat.com/errata/RHSA-2025:8385
- https://security-tracker.debian.org/tracker/CVE-2025-26465
- https://ubuntu.com/security/CVE-2025-26465
- https://www.openssh.com/releasenotes.html#9.9p2
- https://access.redhat.com/security/cve/CVE-2025-26465
- https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html
- https://www.openwall.com/lists/oss-security/2025/02/18/1
- https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh
- https://access.redhat.com/errata/RHSA-2025:16823
- https://bugzilla.redhat.com/show_bug.cgi?id=2344780
- https://bugzilla.suse.com/show_bug.cgi?id=1237040
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig
Affected packages
Git / github.com/openssh/openssh-portable
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openssh/openssh-portable
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "6.9" }, { "last_affected": "9.8" }, { "introduced": "0" }, { "last_affected": "6.8-p1" }, { "introduced": "0" }, { "last_affected": "9.9-p1" }, { "introduced": "0" }, { "last_affected": "4.0" }, { "introduced": "0" }, { "last_affected": "9.0" } ] }
Affected versions
Other
V_6_9_P1
V_7_0_P1
V_7_1_P1
V_7_2_P1
V_7_3_P1
V_7_4_P1
V_7_5_P1
V_7_6_P1
V_7_7_P1
V_7_8_P1
V_7_9_P1
V_8_0_P1
V_8_1_P1
V_8_2_P1
V_8_4_P1
V_8_5_P1
V_8_6_P1
V_8_7_P1
V_8_8_P1
V_8_9_P1
V_9_0_P1
V_9_1_P1
V_9_2_P1
V_9_3_P1
V_9_5_P1
V_9_6_P1
V_9_7_P1
V_9_8_P1
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.9-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.0"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-26465.json"