- Qualiers discovers two bugs in OpenSsh
- The faults could be used in the machine’s attacks in the environment and the denial of service
- Corrects are available, as well as certain attenuations
OpenSSH carried two vulnerabilities which permitted machine attacks in the environment (MITM) and the attacks of Department of Service (DOS), warned experts.
Cybersecurity researchers of the Research Unit on Qualification Threats (TRI), who discovered faults and helped to repair things, noted that they had spotted two vulnerabilities, one followed under the name of CVE -2025-26465, and another followed under the name of CVE-2025-26466.
The first allows an active MITM attack on the OpenSSH customer when the Verifyhostkeydns option is activated, while the second affects both the OpenSSH customer and server, and allows pre-authentication back attacks.
Millions of victims
For the MITM attack to succeed, the Verifyhostkeydns option must be defined on “yes” or “ask,” said Qualys, stressing that the default option is “no”. The attack does not require any user interaction and does not depend on the existence of a recording of SSHFP resources in DNS. This defect was present in OpenSsh since December 2014, it was added, just before the release of OpenSSH 6.8P1.
“If an attacker can make a man’s attack in the community via CVE-2025-26465, the customer can accept the key to the attacker instead of the legitimate server key,” said the blog. “If compromised, hackers could display or manipulate sensitive data, move on several critical servers laterally and exfiltrate valuable information such as database identification information.”
The second defect was introduced in August 2023, added Qualys, shortly before the release of OpenSSH 9.5P1. If actors in the threat can exploit it several times, they can cause prolonged breakdowns or prevent administrators from managing servers, it was said.
The bug can be attenuated on the server side by taking advantage of existing mechanisms in OpenSsh such as Loggeracetime, Maxstartups and Persourcepencalties.
Regardless of the potential attenuations, Qualities urges all users to pass to OpenSSH 9.9P2, because this version deals with the two vulnerabilities. “To ensure continuous safety, we strongly recommend the upgrading of systems assigned to 9.9p2 as soon as possible,” said the researchers.
OpenSSH (Open Secure Shell) is a series of open source tools that provide encrypted communication, secure remote connection and file transfers on an unwanted network using the SSH protocol.
