Ethical Hacking News
Researchers have disclosed two brand-new vulnerabilities in OpenSSH, a widely used open source implementation of the SSH protocol, that could be exploited by attackers to perform machine-in-the-middle (MitM) attacks on the client and pre-authentication denial-of-service (DoS) attacks on both the client and server.
Recent vulnerabilities in OpenSSH pose risks for encrypted remote connections and secure file transfers. Two new vulnerabilities, CVE-2025-26465 and CVE-2025-26466, have been discovered that can be exploited for machine-in-the-middle (MitM) attacks and denial-of-service (DoS) attacks. The MitM bug allows attackers to impersonate servers, while the DoS bug causes asymmetric resource consumption leading to prolonged outages. Patches have been released to address both vulnerabilities, with OpenSSH version 9.9p2 now available. Admins are advised to update their clients and servers promptly to mitigate these risks.
OpenSSH is the most widely used implementation of the SSH protocol, providing encrypted remote connections and secure file transfers across Windows, Linux, and macOS. Its prominence can be attributed to its widespread adoption by high-profile organizations such as Facebook, Morgan Stanley, NetApp, Netflix, and Uber. However, recent vulnerabilities in OpenSSH have raised concerns among administrators and security experts about the potential risks it poses.
According to a recent report from Qualys, researchers discovered two brand-new vulnerabilities in OpenSSH that could be exploited by attackers to perform machine-in-the-middle (MitM) attacks on the client and pre-authentication denial-of-service (DoS) attacks on both the client and server. The MitM bug, identified as CVE-2025-26465, is only exploitable when the VerifyHostKeyDNS option is set to "yes" or "ask." The default setting has been changed to "no," but between September 2013 and March 2023, it was enabled by default on FreeBSD. This vulnerability allows an attacker to impersonate the server to which a vulnerable OpenSSH client usually connects by bypassing server identity checks, leading to MitM attacks.
The DoS bug, identified as CVE-2025-26466, affects both the OpenSSH client and server, and could lead to prolonged outages preventing admins from performing maintenance on key servers. This vulnerability is caused by an asymmetric resource consumption of both memory and CPU. The two vulnerabilities were discovered in January 2025, according to Qualys' disclosure timeline.
Qualys' technical advisory notes that the MitM bug was introduced to OpenSSH over a decade ago in December 2014, shortly before version 6.8p1 was released. The DoS bug, on the other hand, was introduced in August 2023, not long before version 9.5p1.
The patches for CVE-2025-26465 and CVE-2025-26466 were released this morning in OpenSSH version 9.9p2, which addresses both vulnerabilities; the release notes thank Qualys for the report and acknowledge the contributions of the open source community.
Saeed Abbasi, product manager at Qualys' Threat Research Unit, noted that SSH sessions can be a prime target for attackers aiming to intercept credentials or hijack sessions. If compromised, hackers could view or manipulate sensitive data, move laterally across multiple critical servers, and exfiltrate valuable information such as database credentials.
"Such breaches can lead to reputational damage, violate compliance mandates (e.g. GDPR, HIPAA, PCI-DSS), and potentially disrupt critical operations by forcing system downtime to contain the threat," Abbasi added.
It is essential for administrators and security experts to update their OpenSSH clients and servers at the earliest available opportunity to mitigate these vulnerabilities. The fact that a proof-of-concept (PoC) exploit was made available at the same time as the patches suggests that admins should take prompt action to protect themselves against potential attacks.
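The two checks an administrator actually needs to run on a client follow from the article: is the installed OpenSSH older than 9.9p2, and is VerifyHostKeyDNS effectively "yes" or "ask" (the precondition for CVE-2025-26465)? The script below is an added example, not code from the article, Qualys, or the OpenSSH project. It parses the banner printed by `ssh -V` and the effective configuration printed by `ssh -G <host>` (which prints one lowercase "keyword value" line per option without connecting); the sample configuration strings and the hostname `host.example` are constructed for the example. One caveat: distributions that backport the fix keep the old version string, so a host flagged by the version check should be confirmed against the package changelog rather than treated as definitely vulnerable.

```shell
#!/bin/sh
# Added example (not from the article or the OpenSSH project): audit an
# OpenSSH client for the two conditions described in the article.

# Return 0 when the `ssh -V` banner is older than 9.9p2 (the fixed release
# named in the article), 1 when it is 9.9p2 or newer, 2 when the banner is
# not recognised. Assumes the banner format "OpenSSH_<major>.<minor>p<patch> ...";
# a banner with no "p" suffix is treated as patch level 0.
needs_update() {
    ver=$(printf '%s\n' "$1" | awk '
        $1 ~ /^OpenSSH_[0-9]+\.[0-9]+(p[0-9]+)?,?$/ {
            v = $1; sub(/^OpenSSH_/, "", v); sub(/,$/, "", v)
            n = split(v, p, /[.p]/)
            printf "%s %s %s\n", p[1], p[2], (n >= 3 ? p[3] : 0)
            exit
        }')
    [ -n "$ver" ] || return 2
    set -- $ver                      # word-split into: major minor patch
    if [ "$1" -lt 9 ]; then return 0; fi
    if [ "$1" -gt 9 ]; then return 1; fi
    if [ "$2" -lt 9 ]; then return 0; fi
    if [ "$2" -gt 9 ]; then return 1; fi
    if [ "$3" -lt 2 ]; then return 0; fi
    return 1
}

# Return 0 when the effective client configuration (output of `ssh -G <host>`)
# has VerifyHostKeyDNS set to yes or ask, i.e. the client will trust SSHFP
# records and is exposed to CVE-2025-26465; return 1 otherwise.
dns_hostkey_risky() {
    val=$(printf '%s\n' "$1" | awk '$1 == "verifyhostkeydns" { print $2; exit }')
    case "$val" in
        yes|ask) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed samples of `ssh -G` output, trimmed to the relevant keywords.
SAMPLE_RISKY_CONFIG='user alice
hostname bastion.example.com
port 22
verifyhostkeydns ask
stricthostkeychecking ask'

SAMPLE_SAFE_CONFIG='user alice
hostname bastion.example.com
port 22
verifyhostkeydns no
stricthostkeychecking ask'

# Live audit of the local client; does nothing if ssh is not installed.
# host.example is a placeholder: -G only evaluates configuration for that
# name and never opens a connection.
audit_local_client() {
    command -v ssh >/dev/null 2>&1 || { echo "ssh not installed, nothing to audit"; return 0; }
    banner=$(ssh -V 2>&1)
    if needs_update "$banner"; then
        echo "UPDATE NEEDED (older than 9.9p2): $banner"
    else
        echo "version ok: $banner"
    fi
    cfg=$(ssh -G host.example 2>/dev/null) || cfg=""
    if dns_hostkey_risky "$cfg"; then
        echo "RISK: VerifyHostKeyDNS is yes/ask; set it to no until the client is patched"
    else
        echo "VerifyHostKeyDNS ok (no)"
    fi
}

# Offline demonstration on the constructed samples, then the live audit.
dns_hostkey_risky "$SAMPLE_RISKY_CONFIG" && echo "sample risky config: flagged"
dns_hostkey_risky "$SAMPLE_SAFE_CONFIG"  || echo "sample safe config: clean"
audit_local_client
```

The same two functions work server-side for the version check (`sshd -V` prints a banner in the same format on recent releases); VerifyHostKeyDNS is a client-only option, so only the client side needs the second check.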
Related Information:
https://go.theregister.com/feed/www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
https://nvd.nist.gov/vuln/detail/CVE-2025-26465
https://www.cvedetails.com/cve/CVE-2025-26465/
https://nvd.nist.gov/vuln/detail/CVE-2025-26466
https://www.cvedetails.com/cve/CVE-2025-26466/
Published: Tue Feb 18 11:54:32 2025 by llama3.2 3B Q4_K_M