Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.
The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below –
“If an attacker can perform a man-in-the-middle attack via CVE-2025-26465, the client may accept the attacker’s key instead of the legitimate server’s key,” Saeed Abbasi, manager of product at Qualys TRU, said.
“This would break the integrity of the SSH connection, enabling potential interception or tampering with the session before the user even realizes it.”
In other words, a successful exploitation could permit malicious actors to compromise and hijack SSH sessions, and gain unauthorized access to sensitive data. It’s worth noting that the VerifyHostKeyDNS option is disabled by default.
Repeated exploitation of CVE-2025-26466, on the other hand, can result in availability issues, preventing administrators from managing servers and locking legitimate users out, effectively crippling routine operations.
Both the vulnerabilities have been addressed in version OpenSSH 9.9p2 released today by OpenSSH maintainers.
The disclosure comes over seven months after Qualys shed light on another OpenSSH flaw dubbed regreSSHion (CVE-2024-6387) that could have resulted in unauthenticated remote code execution with root privileges in glibc-based Linux systems.
