February 18, 2025 By Bill Toulas

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago.
Qualys discovered both vulnerabilities and demonstrated their exploitability to OpenSSH's maintainers.
OpenSSH (Open Secure Shell) is a free, open-source implementation of the SSH (Secure Shell) protocol, which provides encrypted communication for secure remote access, file transfers, and tunneling over untrusted networks.
It is one of the most widely used tools in the world, with high levels of adoption across Linux and Unix-based (BSD, macOS) systems found in enterprise environments, IT, DevOps, cloud computing, and cybersecurity applications.
The two vulnerabilities
The MitM vulnerability, tracked under CVE-2025-26465, was introduced in December 2014 with the release of OpenSSH 6.8p1, so the issue remained undetected for over a decade.
The flaw affects OpenSSH clients when the 'VerifyHostKeyDNS' option is enabled, allowing threat actors to perform MitM attacks.
"The attack against the OpenSSH client (CVE-2025-26465) succeeds regardless of whether the VerifyHostKeyDNS option is set to "yes" or "ask" (its default is "no"), requires no user interaction, and does not depend on the existence of an SSHFP resource record (an SSH fingerprint) in DNS," explains Qualys.
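
A defender's check for the configuration condition described above, as an added example that is not from Qualys, OpenSSH, or the original article: it scans ssh_config text for lines that set VerifyHostKeyDNS to "yes" or "ask". The function name, the finding fields, and the sample configuration are constructed for illustration, and Include directives are not followed.

```python
import re
import shlex

# Settings the article names as exposing the client; the default is "no".
RISKY_VALUES = {"yes", "ask"}
# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
LINE_RE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONFIG = """\
# constructed example
Host bastion.example.com
    VerifyHostKeyDNS=ask
Host *.internal.example
    verifyhostkeydns "yes"
Host *
    VerifyHostKeyDNS no
"""

def audit_ssh_config(text, source="ssh_config"):
    """Return one finding per line that sets VerifyHostKeyDNS to yes or ask."""
    findings = []
    scope = "(global)"  # options before the first Host/Match apply to every host
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        match = LINE_RE.match(line)
        if not line or line.startswith("#") or not match:
            continue
        keyword, rest = match.group(1).lower(), match.group(2).strip()
        if keyword in ("host", "match"):
            scope = f"{match.group(1)} {rest}"  # remember which block we are in
            continue
        if keyword != "verifyhostkeydns":
            continue
        try:
            tokens = shlex.split(rest, comments=True)  # strips quotes and "#" comments
        except ValueError:
            tokens = []  # unbalanced quote: no usable value on this line
        value = tokens[0].lower() if tokens else ""
        if value in RISKY_VALUES:
            findings.append({"source": source, "line": lineno,
                             "scope": scope, "value": value})
    return findings

if __name__ == "__main__":
    for f in audit_ssh_config(SAMPLE_CONFIG, "sample"):
        print(f"{f['source']}:{f['line']}: VerifyHostKeyDNS={f['value']} under {f['scope']}")
```

For the effective value on a given host after Include and Match processing, `ssh -G <hostname>` prints the resolved client options.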