
Two significant security flaws have been identified in OpenSSH, potentially exposing systems to serious security threats. The Qualys Threat Research Unit has detailed these vulnerabilities:
1. Man-in-the-Middle Vulnerability (CVE-2025-26465)
– Affects OpenSSH versions 6.8p1 to 9.9p1
– CVSS score: 6.8
– Enables attackers to impersonate legitimate servers
– Exploitable when the VerifyHostKeyDNS client option is enabled
– Particularly impacts FreeBSD systems (2013-2023) where the option was enabled by default
2. Denial-of-Service Vulnerability (CVE-2025-26466)
– Affects OpenSSH versions 9.5p1 to 9.9p1
– CVSS score: 5.9
– Causes excessive memory and CPU consumption
– Can prevent administrative access and disrupt operations
– Exploitable pre-authentication
Impact and Resolution:
– Successful exploitation could lead to compromised SSH sessions and unauthorized data access
– Both vulnerabilities have been patched in OpenSSH 9.9p2
– This follows the earlier regreSSHion vulnerability (CVE-2024-6387) discovered by Qualys
– Users are advised to update to the latest version immediately
Organizations using affected versions should prioritize updates to maintain system security and prevent potential attacks.
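As an added example, not code from Qualys or the OpenSSH project, the POSIX shell helper below turns the version ranges, the fixed release and the VerifyHostKeyDNS condition above into a local check. The function names and the `audit` argument are my own; the version-to-integer mapping assumes upstream `major.minorpNN` strings.

```shell
#!/bin/sh
# Added example: classify an OpenSSH version against the advisory's ranges.
# Distribution packages often backport fixes without bumping the upstream
# version, so a match means "check the vendor advisory", not proven exposure.

# Convert "OpenSSH_9.9p1" (or a whole `ssh -V` line) into a sortable
# integer: major*10000 + minor*100 + patch. Returns 1 if unparseable.
ssh_version_key() {
    v=${1#OpenSSH_}
    v=${v%%,*}              # drop ", OpenSSL ..." from `ssh -V` output
    v=${v%% *}              # drop any vendor suffix after a space
    major=${v%%.*}
    rest=${v#*.}
    case "$rest" in
        *p*) minor=${rest%%p*}; patch=${rest#*p} ;;
        *)   minor=$rest;       patch=0 ;;
    esac
    case "$major$minor$patch" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo $(( major * 10000 + minor * 100 + patch ))
}

# Print the space-separated CVE ids from the advisory that cover the version,
# or an empty line if it is outside both ranges (e.g. the fixed 9.9p2).
openssh_cves() {
    k=$(ssh_version_key "$1") || { echo "unparseable version: $1" >&2; return 2; }
    out=""
    # CVE-2025-26465: 6.8p1 .. 9.9p1 (needs VerifyHostKeyDNS to be exploitable)
    if [ "$k" -ge 60801 ] && [ "$k" -le 90901 ]; then out="CVE-2025-26465"; fi
    # CVE-2025-26466: 9.5p1 .. 9.9p1 (pre-authentication resource exhaustion)
    if [ "$k" -ge 90501 ] && [ "$k" -le 90901 ]; then out="${out:+$out }CVE-2025-26466"; fi
    printf '%s\n' "$out"
}

# Effective VerifyHostKeyDNS value as the client would apply it to a host
# ("yes" or "ask" means SSHFP records are consulted). Needs a local ssh.
verifyhostkeydns_effective() {
    ssh -G "${1:-localhost}" 2>/dev/null | awk '$1 == "verifyhostkeydns" { print $2 }'
}

# Audit the client installed on this machine: `sh openssh_check.sh audit`.
audit_local_client() {
    ver=$(ssh -V 2>&1)
    cves=$(openssh_cves "$ver") || cves="(could not parse version)"
    echo "installed:        $ver"
    echo "advisory matches: ${cves:-none}"
    echo "VerifyHostKeyDNS: $(verifyhostkeydns_effective)"
}

case "${1:-}" in audit) audit_local_client ;; esac
```

A client that reports CVE-2025-26465 with VerifyHostKeyDNS set to `no` is not exposed to the impersonation issue, but still needs the 9.9p2 update for the pre-authentication DoS if it falls in the 9.5p1 to 9.9p1 range.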