Two OpenSSH vulnerabilities, CVE-2025-26465 and CVE-2025-26466, affect OpenSSH releases up to and including 9.9p1 (from 6.8p1 onward for the first, from 9.5p1 onward for the second). The first can be exploited for a man-in-the-middle (MitM) attack against the client; the second can be used to cause a denial of service (DoS) on either the client or the server. Review this Cybersecurity Threat Advisory to mitigate your risk.
What is the threat?
OpenSSH is an open-source implementation of the Secure Shell (SSH) protocol 2.0, used for remote access, server management, and file transfers. CVE-2025-26465 is a logic error in the OpenSSH client, present in versions 6.8p1 through 9.9p1, that is reachable only when the VerifyHostKeyDNS option is enabled: it lets an active man-in-the-middle impersonate a server without any user interaction, even when no SSH fingerprint (SSHFP) record exists in DNS for that host. CVE-2025-26466 is a separate pre-authentication denial-of-service bug in versions 9.5p1 through 9.9p1; it affects both the client and the server and does not depend on the VerifyHostKeyDNS setting at all.
Why is it noteworthy?
Millions of systems are potentially in scope: according to Shodan, about 33 million internet-exposed servers run OpenSSH. The impact differs by bug. CVE-2025-26465 lets an attacker who can already sit on the network path between a client and a server intercept or manipulate the traffic of unsuspecting users. CVE-2025-26466 affects both the client and the server and requires no authentication, so a remote attacker can trigger a denial of service by making the target consume memory and CPU far out of proportion to the attacker's own effort.
What is the exposure or risk?
By default, VerifyHostKeyDNS is disabled, so a stock OpenSSH client is not exposed to CVE-2025-26465; the option has to be turned on in ssh_config or on the command line. One notable exception is FreeBSD, which shipped the option enabled by default from 2013 until 2023, so clients configured in that period are worth checking. Where it is enabled, an attacker positioned between the client and the server can present their own host key during the handshake and the client accepts it as if it were the legitimate server's key. That breaks the integrity of the SSH session from the start: the attacker can read or alter everything exchanged, and the user sees no warning. CVE-2025-26466 needs no particular configuration. Before authentication completes, either side of the connection can make its peer allocate memory and burn CPU asymmetrically, which lets an unauthenticated remote party exhaust a server's resources or stall a client.
What are the recommendations?
Barracuda recommends the following actions to mitigate the effects of these vulnerabilities:
- Update OpenSSH to version 9.9p2 or later as soon as possible, or to a distribution build that carries the backported fixes (check `ssh -V` on clients and the version banner on servers, and confirm backports against the vendor changelog, since a patched 9.6p1 will still report 9.6p1).
- Until clients are patched, set VerifyHostKeyDNS to no in ssh_config (and audit per-host Match/Host blocks and -o command-line overrides) so the precondition for CVE-2025-26465 cannot be met.
- Until servers are patched, bound the cost of CVE-2025-26466 with the existing sshd_config rate limits: a short LoginGraceTime, a MaxStartups value that caps concurrent unauthenticated connections, and PerSourcePenalties on OpenSSH 9.8 and later.
- Use data encryption so that intercepted data cannot be leveraged immediately by an attacker.
- Keep malware-detection software up to date.
- Adopt redundancy to ensure service availability even if one component fails.
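The following is an added triage script, not code from the Barracuda advisory or from the OpenSSH project. It turns the version ranges and the VerifyHostKeyDNS condition described above into a check that runs over the text of `ssh -V`, `ssh -G <host>` and `sshd -T` collected from a fleet. It assumes the affected ranges published with OpenSSH 9.9p2 (6.8p1 through 9.9p1 for CVE-2025-26465, 9.5p1 through 9.9p1 for CVE-2025-26466); the sample inputs are constructed for the example and the function names are the example's own.

```python
"""Triage helper for CVE-2025-26465 / CVE-2025-26466.

Added example, not code from the Barracuda advisory or from OpenSSH.
Inputs are the text of `ssh -V` and `ssh -G <host>` (client) or `sshd -T`
(server). Version ranges follow the OpenSSH 9.9p2 release notes.
Distributions that backport fixes without bumping the version (e.g. a
patched 9.6p1) are still reported as affected here, so treat the version
check as a first pass and confirm against the vendor changelog.
"""
import re
from typing import Optional

# Inclusive (major, minor) bounds of the affected releases. Fixed in 9.9p2.
AFFECTED = {
    "CVE-2025-26465": ((6, 8), (9, 9)),  # client MitM; needs VerifyHostKeyDNS
    "CVE-2025-26466": ((9, 5), (9, 9)),  # pre-auth DoS; client and server
}
FIXED = (9, 9, 2)

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_version(banner: str) -> tuple:
    """(major, minor, portable) from `ssh -V` output or a server banner.
    A release without a 'pN' suffix (OpenBSD base) gets portable=0."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no OpenSSH version in {banner!r}")
    major, minor, p = m.groups()
    return (int(major), int(minor), int(p) if p else 0)


def affected_cves(banner: str) -> list:
    """CVEs whose published range contains this version (empty if >= 9.9p2)."""
    v = parse_version(banner)
    if v >= FIXED:
        return []
    return [cve for cve, (lo, hi) in AFFECTED.items() if lo <= v[:2] <= hi]


def _effective(config_dump: str, keyword: str) -> Optional[str]:
    """Value of one keyword in `ssh -G` / `sshd -T` output (keys are lowercase)."""
    for line in config_dump.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == keyword:
            return parts[1].strip()
    return None


def client_triage(ssh_v: str, ssh_g: str) -> dict:
    """Combine the client version with its effective config for one destination."""
    cves = affected_cves(ssh_v)
    # `ssh -G` shows the value after all Host/Match blocks are applied;
    # anything other than "no" (i.e. "yes" or "ask") counts as enabled.
    vhkd = (_effective(ssh_g, "verifyhostkeydns") or "no").lower()
    return {
        "version": parse_version(ssh_v),
        "cves": cves,
        "mitm_exposed": "CVE-2025-26465" in cves and vhkd != "no",
        "dos_exposed": "CVE-2025-26466" in cves,
    }


def server_dos_knobs(sshd_t: str) -> dict:
    """Effective sshd settings that bound the pre-auth DoS on an unpatched
    server: LoginGraceTime, MaxStartups and (9.8+) PerSourcePenalties.
    A knob the dump does not show is reported as None."""
    return {k: _effective(sshd_t, k)
            for k in ("logingracetime", "maxstartups", "persourcepenalties")}


# Constructed sample inputs, not captured from a real host.
SAMPLE_SSH_V = "OpenSSH_9.9p1, OpenSSL 3.0.13 30 Jan 2024"
SAMPLE_SSH_G = """\
user alice
hostname bastion.example.com
port 22
verifyhostkeydns yes
stricthostkeychecking ask
"""
SAMPLE_SSHD_T = """\
port 22
logingracetime 120
maxstartups 10:30:100
"""

if __name__ == "__main__":
    print(client_triage(SAMPLE_SSH_V, SAMPLE_SSH_G))
    print(server_dos_knobs(SAMPLE_SSHD_T))
```

Run `ssh -G bastion.example.com` (for the host you actually connect to, so per-host overrides are included) and `sshd -T` on servers, feed the captured text to `client_triage` and `server_dos_knobs`, and treat a `mitm_exposed` result or a missing rate limit on an affected server as a finding to act on.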
References
For more in-depth information on the above recommendations, please visit the following links:
- https://www.msn.com/en-us/money/other/fressh-bugs-undiscovered-for-years-threaten-openssh-security/ar-AA1zi6qF?ocid=BingNewsVerp
- https://www.securityweek.com/openssh-patches-vulnerabilities-allowing-mitm-dos-attacks/
- https://www.databreachtoday.com/exploit-approaches-published-for-2-new-openssh-bugs-a-27544
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.