CVE-2025-26465

March 6, 2025, 5:20 p.m.

6.8
Medium

Description

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Product(s) Impacted

Vendor Product Versions
Openbsd
  • Openssh
  • *, 6.8, 9.9
Netapp
  • Active Iq Unified Manager
  • Ontap
  • -
  • 9
Redhat
  • Openshift Container Platform
  • Enterprise Linux
  • 4.0
  • 9.0
Debian
  • Debian Linux
  • 11.0, 12.0

Weaknesses

CWE-390
Detection of Error Condition Without Action
The product detects a specific error, but takes no actions to handle the error.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a openbsd openssh / / / / / / / /
a openbsd openssh 6.8 p1 / / / / / /
a openbsd openssh 9.9 - / / / / / /
a openbsd openssh 9.9 p1 / / / / / /
a netapp active_iq_unified_manager - / / / / vmware_vsphere / /
a netapp ontap 9 / / / / / / /
a redhat openshift_container_platform 4.0 / / / / / / /
o debian debian_linux 11.0 / / / / / / /
o debian debian_linux 12.0 / / / / / / /
o redhat enterprise_linux 9.0 / / / / / / /

References

https://access.redhat.com/security/cve/CVE-2025-26465
https://bugzilla.redhat.com/show_bug.cgi?id=2344780
https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
https://bugzilla.suse.com/show_bug.cgi?id=1237040
https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig
https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html
https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html
https://security-tracker.debian.org/tracker/CVE-2025-26465
https://security.netapp.com/advisory/ntap-20250228-0003/
https://ubuntu.com/security/CVE-2025-26465
https://www.openssh.com/releasenotes.html#9.9p2
https://www.openwall.com/lists/oss-security/2025/02/18/1
https://www.openwall.com/lists/oss-security/2025/02/18/4
https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh
https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh
https://seclists.org/oss-sec/2025/q1/144

Tags

secalert@redhat.com
CWE-390
2025-02-18
CVE-2025-26465

CVSS Score

6.8 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Date

  • Published: Feb. 18, 2025, 7:15 p.m.
  • Last Modified: March 6, 2025, 5:20 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.