OpenSSH flaws could enable man-in-the-middle attacks, denial of service

Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Research Unit (TRU) revealed Tuesday.

OpenSSH version 9.9p2 resolves both flaws, tracked as CVE-2025-26465 and CVE-2025-26466, which were discovered by Qualys TRU researchers. Each vulnerability has been attributed to memory error conditions.

CVE-2025-26465 could cause a client to connect to an attacker-controlled server rather than the intended server, potentially leading to the theft of sensitive information such as credentials. There are some mitigating factors, as the attack only works if the VerifyHostKeyDNS client configuration option is set to “yes” or “ask,” while the default configuration is for VerifyHostKeyDNS to be set to “no.

Qualys notes that the default configuration may differ between implementations – for example, VerifyHostKeyDNS was enabled by default in FreeBSD from September 2013 to March 2023. The flaw has been present in the OpenSSH code since December 2024, just prior to the release of version 6.8p1.

CVE-2025-26466 has been present since August 2023, shortly before version 9.5p1 was released, and can enable DoS attacks against both OpenSSH clients and servers.

Qualys recommends upgrading to OpenSSH 9.9p2 as soon as possible to resolve both flaws, although disabling VerifyHostKeyDNS could mitigate CVE-2025-26265 and utilizing LoginGraceTime, MaxStartups and PerSourcePenalties configurations could prevent successful exploitation of CVE-2025-26266 against OpenSSH servers.

Memory errors could lead to manipulation of SSH sessions

Both flaws discovered by the Qualys TRU stem from similar memory errors that could allow an attacker to exhaust client or server memory, the researchers explained in a technical analysis of the flaws.

The researchers found that, when pinging a server, the client allocates unlimited memory that is not freed until after the initial key exchange is complete. Additionally, out-of-memory errors (SSH_ERR_ALLOC_FAIL) are not handled properly, allowing key verification to be bypassed when memory is exhausted.

An attacker can exploit this vulnerability by intentionally flooding the client’s memory with excessive pings and a long server host keys with additional certificate extensions, causing the client to connect to the malicious server without verification.

“SSH sessions can be a prime target for attackers aiming to intercept credentials or hijack sessions. If compromised, hackers could view or manipulate sensitive data, move across multiple critical servers laterally, and exfiltrate valuable information such as database credentials,” the researchers wrote.

The Qualys team noted that significant computing resources are required to handle packets received and processed during the key exchange; if the client or server is flooded with pings, buffered outgoing (pong) packets are rebuffered in a process that takes up asymmetric computing resources compared to the size of the original pings, which leads to a crash.

These flaws are significant due to the widespread implementation of OpenSSH across Unix-like operation systems like Linux and macOS. Qualys TRU previously discovered an unauthenticated remote code execution (RCE) vulnerability in OpenSSH’s server, dubbed regreSSHion, which potentially affected more than 14 million internet-exposed OpenSSH servers in July 2024.