OpenSSH vulnerabilities could pose huge threat to businesses everywhere

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

  • Qualys uncovers two bugs in OpenSSH
  • The flaws could be used in Machine-in-the-Middle and Denial-of-Service attacks
  • Patches are available, as well as some mitigations

OpenSSH carried two vulnerabilities that were enabling machine-in-the-middle (MitM) attacks and denial-of-service (DoS) attacks, experts have warned.

Cybersecurity researchers from the Qualys Threat Research Unit (TRU), who discovered the flaws and helped patch things up, noted they spotted two vulnerabilities, one tracked as CVE-2025-26465, and another tracked as CVE-2025-26466.

The former allows an active MitM attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled, while the latter affects both the OpenSSH client and server, and enables pre-authentication DoS attacks.

Millions of victims

For the MitM attack to succeed, the VerifyHostKeyDNS option needs to be set to either “yes”, or “ask”, Qualys said, stressing that the default option is “no.” The attack requires no user interaction, and does not depend on the existence of an SSHFP resource record in DNS. This flaw was present in OpenSSH since December 2014, it was added, just before the release of OpenSSH 6.8p1.

“If an attacker can perform a man-in-the-middle attack via CVE-2025-26465, the client may accept the attacker’s key instead of the legitimate server’s key,” the blog reads. “If compromised, hackers could view or manipulate sensitive data, move across multiple critical servers laterally, and exfiltrate valuable information such as database credentials.”

The second flaw was introduced in August 2023, Qualys added, shortly before the release of OpenSSH 9.5p1. If threat actors can repeatedly exploit it, they may cause prolonged outages or prevent admins from managing servers, it was said.

The bug can be mitigated on the server side by leveraging existing mechanisms in OpenSSH such as LoginGraceTime, MaxStartups, and PerSourcePenalties.

Regardless of potential mitigations, Qualys urges all users to upgrade to OpenSSH 9.9p2, since this version addresses both vulnerabilities. “To ensure continued security, we strongly advise upgrading affected systems to 9.9p2 as soon as possible,” the researchers said.

OpenSSH (Open Secure Shell) is a suite of open source tools that provide encrypted communication, secure remote login, and file transfers over an unsecured network using the SSH protocol.

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Top file synchronization tool Rsync security flaws mean up to 660,000 servers possibly affected
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
Best free Linux firewalls
SonicWall tells admins to patch worrying SSLVPN flaw immediately
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Cisco patches critical security issues, so update now
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in Security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
Latest in News
girl using laptop hoping for good luck with her fingers crossed
Windows 11 24H2 seems to be a massive fail – so Microsoft apparently working on 25H2 fills me with hope... and fear
ChatGPT Advanced Voice mode on a smartphone.
Talking to ChatGPT just got better, and you don’t need to pay to access the new functionality
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
Apple Watch Ultra 2 timer
The Apple Watch is getting a sleep alarm upgrade it probably should have had 10 years ago
Nikon Z5
The Nikon Z5 II could land soon – here's what to expect from Nikon's rumored entry-level full-frame camera
Google Pixel Watch 3
Google Pixel Watches hit with delayed notifications, crashing, and performance issues following Wear OS 5.1 update